xloader

General

Target

Se adjunta el pedido, proforma.exe
Size

714KB
Sample

211125-s9x5haffem
MD5

deea7525a547ed7a9ef6c81b04478f3e
SHA1

b29c935913a55c9bad3979d05d97a6ebda871604
SHA256

413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d
SHA512

ddb161a25bdc6465ddba19c8781773006e8cbf7b8e909aae20eb4cc577b085c72d75bed40b0d4ab2363003759a344b1aad2235381ab3c10043b3e47e2ee9f139

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

C2

http://www.rematedeldia.com/euv4/

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  Se adjunta el pedido, proforma.exe
- Size
  
  714KB
- MD5
  
  deea7525a547ed7a9ef6c81b04478f3e
- SHA1
  
  b29c935913a55c9bad3979d05d97a6ebda871604
- SHA256
  
  413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d
- SHA512
  
  ddb161a25bdc6465ddba19c8781773006e8cbf7b8e909aae20eb4cc577b085c72d75bed40b0d4ab2363003759a344b1aad2235381ab3c10043b3e47e2ee9f139
Score

10^/10

xloader euv4 loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Adds policy Run key to start application

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2