xloader

General

Target

Sales Agreement 17-11-21.doc
Size

12KB
Sample

211118-kzf48scbck
MD5

14be4834507505c85ed0790ceeebe5ba
SHA1

61e1afbec7f215e598a424614bb43df95e5d4fbc
SHA256

315b35059792a62e53ef2443f0fd5ce87509a4b7d9c84b3a679940ef785adb42
SHA512

d6172ad1f19ecb356fa3d0e5aa31d6712108fc31ae7d08b5efd9dae871666a5fb8ce60a41fd38f180135599e363d1908c4e4d34b69964dcae700f9f4fb315126

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

unzn

C2

http://www.davanamays.com/unzn/

Decoy

xiulf.com

highcountrymortar.com

523561.com

marketingagency.tools

ganmovie.net

nationaalcontactpunt.com

sirrbter.com

begizas.xyz

missimi-fashion.com

munixc.info

daas.support

spaceworbc.com

faithtruthresolve.com

gymkub.com

thegrayverse.xyz

artisanmakefurniture.com

029tryy.com

ijuubx.biz

iphone13promax.club

techuniversus.com

Targets

- Target
  
  Sales Agreement 17-11-21.doc
- Size
  
  12KB
- MD5
  
  14be4834507505c85ed0790ceeebe5ba
- SHA1
  
  61e1afbec7f215e598a424614bb43df95e5d4fbc
- SHA256
  
  315b35059792a62e53ef2443f0fd5ce87509a4b7d9c84b3a679940ef785adb42
- SHA512
  
  d6172ad1f19ecb356fa3d0e5aa31d6712108fc31ae7d08b5efd9dae871666a5fb8ce60a41fd38f180135599e363d1908c4e4d34b69964dcae700f9f4fb315126
Score

10^/10

xloader unzn loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2