xloader

General

Target

Proforma.01102021.PDF.exe
Size

918KB
Sample

211102-hwkxxabhf4
MD5

af94940941c68cabed310c1664febd82
SHA1

eee9e33fb4fac7b2bdc36873c789d3701ba0b204
SHA256

fc791a24b4250988196f8c8b174d778e0ed1f4ea2a3c8601b25ab4431df56f08
SHA512

124d162fb2e6dc11c1d2555564da3a8e1a38a61b77b60b351e2d588fdb90af550c9d2717db750b2f4e9b1fca8365da595e46f770cba3ca870462aa20f77519e3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

C2

http://www.finetipster.com/pvxz/

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  Proforma.01102021.PDF.exe
- Size
  
  918KB
- MD5
  
  af94940941c68cabed310c1664febd82
- SHA1
  
  eee9e33fb4fac7b2bdc36873c789d3701ba0b204
- SHA256
  
  fc791a24b4250988196f8c8b174d778e0ed1f4ea2a3c8601b25ab4431df56f08
- SHA512
  
  124d162fb2e6dc11c1d2555564da3a8e1a38a61b77b60b351e2d588fdb90af550c9d2717db750b2f4e9b1fca8365da595e46f770cba3ca870462aa20f77519e3
Score

10^/10

xloader pvxz loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2