xloader

General

Target

SNO22 PriceLetter595406_RACX-159814.exe
Size

373KB
Sample

220120-mky3lshfaq
MD5

7692a9ecc1b4d092387cffe6faa8d762
SHA1

37e70527d40c881115036ae2de66e3685d3a8f10
SHA256

22c8527c55a52f56653e38bf1f2dbc8ccc06ab0f0ab16879138f30037b710b0a
SHA512

e0c02c683d444ad442c1758113f875687df702402270dc7705b1b12c49e8c88e82b022f88f8d5a1767a43fdcf0f41a2bdbf281703b9dc97c322dd2cf68ff765a

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p8ce

Decoy

wishmeluck1.xyz

nawabumi.com

terra.fish

eoraipsumami.quest

awakeningyourid.com

csyein.com

tslsinteligentes.com

cataractusa.com

capitalwheelstogo.com

staffremotely.com

trashbinwasher.com

blaneyparkrendezvous.com

yolrt.com

northendtaproom.com

showgeini.com

b95206.com

almcpersonaltraining.com

lovabledoodleshome.com

woodlandstationcondos.com

nikahlive.com

Targets

- Target
  
  SNO22 PriceLetter595406_RACX-159814.exe
- Size
  
  373KB
- MD5
  
  7692a9ecc1b4d092387cffe6faa8d762
- SHA1
  
  37e70527d40c881115036ae2de66e3685d3a8f10
- SHA256
  
  22c8527c55a52f56653e38bf1f2dbc8ccc06ab0f0ab16879138f30037b710b0a
- SHA512
  
  e0c02c683d444ad442c1758113f875687df702402270dc7705b1b12c49e8c88e82b022f88f8d5a1767a43fdcf0f41a2bdbf281703b9dc97c322dd2cf68ff765a
Score

10^/10

xloader p8ce loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Sets service image path in registry

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2