xloader

General

Target

Potvrda narudzbe je u prilogu.zip
Size

334KB
Sample

211101-mzj71aeecl
MD5

c8fe1528b1524b2789ff6482624da54a
SHA1

67e619bca57b42b817ef3fb80c2a63239ad6b4de
SHA256

4aca8fe05d6567bfe4e3894af716cbc2ca284236e810f79a27d558a22063277f
SHA512

f3ecb16b422f69f55183ca81789da8880dcf7c8ed812cd5695b61376db04ab8c1de606e0c1fb22358b5ddbdf3fdb3f11b246e61f7898360409044a53e7d8632f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  Potvrda narudzbe je u prilogu.exe
- Size
  
  982KB
- MD5
  
  e006d13431ff3ec6986d5185b804fd3e
- SHA1
  
  d5e25d367747a17de28c39595f3ef90bce714ef5
- SHA256
  
  42df3a16fea8171aa66fc7856671ef94f20245a3bd98787a7070ee8b690430d2
- SHA512
  
  d96f7784e602e185f77b06302e0561d6e2d54e783b83cd0fbbd67ddc5ce17657430cd66dc25ad242d942ed1a09ba7ab3dcf2a9d96c963c74444fdd7c6783aa86
Score

10^/10

xloader pvxz loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2