xloader

General

Target

Drawing.exe
Size

632KB
Sample

220121-f4wm9sdhc2
MD5

6a5da7edb320b2ba8635683b53db2ccb
SHA1

38c006c6a2dfa2c238d339151670b0e382863961
SHA256

89c9a52351f75b5be88f745b84dbb5c16930cca9d932f33b008993167e022e70
SHA512

d20fbde572c9b217094f61718047d1446f9a39dbf9a564be8cde728b4b9f6d7ae8f777e017f7061b8b0663eb6d07b4b12c269f9fb17c223c8d2708a466c5f9f9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rexd

Decoy

xn--2es77o3w1bruk.mobi

cotesaintetienne.com

newlifefoursquaremcpherson.com

solutions-consulting.biz

chsico.com

demeet.xyz

eiruhguijire.store

realestatemoda.com

amr-fire.net

99v.one

altdaita.com

showerbeast.com

nsfone.com

doanhnhanvietnam.info

xn--transfpanou-39a.com

invitiz.com

chifaebio.xyz

footprint-farm.com

onlinenurseprograms.com

tigeratlspa.com

Targets

- Target
  
  Drawing.exe
- Size
  
  632KB
- MD5
  
  6a5da7edb320b2ba8635683b53db2ccb
- SHA1
  
  38c006c6a2dfa2c238d339151670b0e382863961
- SHA256
  
  89c9a52351f75b5be88f745b84dbb5c16930cca9d932f33b008993167e022e70
- SHA512
  
  d20fbde572c9b217094f61718047d1446f9a39dbf9a564be8cde728b4b9f6d7ae8f777e017f7061b8b0663eb6d07b4b12c269f9fb17c223c8d2708a466c5f9f9
Score

10^/10

xloader rexd loader rat persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Sets service image path in registry
  persistence
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Sets service image path in registry

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2