xloader

General

Target

vbc.exe
Size

380KB
Sample

211029-nqw1wadbg8
MD5

2953a7fb129cbb29a3f913e5e1f01d1b
SHA1

88cc356cf7566c6c5fff68821023c97f4c79d151
SHA256

9508c04b4c1dd578c8c3b8597a68bb73548b107edcbb37f13909a18d85f78b3a
SHA512

ae6da55999c04bf051744147f8caabf283b1b12f88385b1279a1109e72c4589be015e7f3338df2a4f9a673e332d156eb801fd74baeb6ba6b0192869303e9bcdc

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest

Targets

- Target
  
  vbc.exe
- Size
  
  380KB
- MD5
  
  2953a7fb129cbb29a3f913e5e1f01d1b
- SHA1
  
  88cc356cf7566c6c5fff68821023c97f4c79d151
- SHA256
  
  9508c04b4c1dd578c8c3b8597a68bb73548b107edcbb37f13909a18d85f78b3a
- SHA512
  
  ae6da55999c04bf051744147f8caabf283b1b12f88385b1279a1109e72c4589be015e7f3338df2a4f9a673e332d156eb801fd74baeb6ba6b0192869303e9bcdc
Score

10^/10

xloader euzn loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Deletes itself

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2