xloader

General

Target

LISTA NABAVKE U PRILOGU_1.zip
Size

428KB
Sample

220121-sf6vjsabgl
MD5

63fa230a35159e6ade271833711da9df
SHA1

82764ce074f8fd623faf65eb0ad602766b7c9a54
SHA256

caf4d979c0c8b74dfcc6978be14adf4007f62ec3c7a8dfeaaf3b2b39d18bb09c
SHA512

4ea7eb635ffff9072aef18e0154004690ac9043f6f5733309841f255ca9bca5c01bec98332e66a4bacf80ea0b3decace3083a71d9065c951643bbf7659f6b87e

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  LISTA NABAVKE U PRILOGU.exe
- Size
  
  928KB
- MD5
  
  64cab4c420d6a95c20fd1b555b26ca1c
- SHA1
  
  2cb3c433ab77a7fb401a79bec85f85eece2b629d
- SHA256
  
  a91efb27b4a33714947ab40259c7e937cb56dade212c1554cd303eed72382f7c
- SHA512
  
  2617cf19987f9aac4470825e7560e0de5cba0b6b606eab1bcd6794faccab9710de2a855f0411e80cd75c2f108b2ca06cbac7a134841cabd1670b462efbffd37f
Score

10^/10

xloader pvxz loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2