xloader

General

Target

6ae185ce909f0b66306100824c28bad1
Size

737KB
Sample

220128-lyc7maagdk
MD5

6ae185ce909f0b66306100824c28bad1
SHA1

5f23a2d4b2c564c95606e537e557aa8251087746
SHA256

074991cefc03a7683cb3c81e83c383010f45c130fdc6dafa13469bfffaf87867
SHA512

01931c4d70f045957aa012a8912f483e11e0f069cee8fd304acc4cb7e44c838abbe1ea870d0e13ef8573967845ab2e1102d47eb76ce6b688904ceacaa8258ef7

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

methodicalservices.com

lojahelius.com

dxadxc.com

keshaunharris.club

hockeyengolfshop.online

sherranmanning.com

instylelimos.net

plick-click.com

tntexplode.com

movement-practice.net

nftlake.digital

134171.com

newhorizonseo.com

lm-solar.com

fahrrad-markt24.com

creatologiest.com

juststartmessy.com

sady-rossii-ural.com

blockchain-salt.com

bestoflakegeorge.guide

Targets

- Target
  
  6ae185ce909f0b66306100824c28bad1
- Size
  
  737KB
- MD5
  
  6ae185ce909f0b66306100824c28bad1
- SHA1
  
  5f23a2d4b2c564c95606e537e557aa8251087746
- SHA256
  
  074991cefc03a7683cb3c81e83c383010f45c130fdc6dafa13469bfffaf87867
- SHA512
  
  01931c4d70f045957aa012a8912f483e11e0f069cee8fd304acc4cb7e44c838abbe1ea870d0e13ef8573967845ab2e1102d47eb76ce6b688904ceacaa8258ef7
Score

10^/10

xloader ahc8 loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2