xloader

General

Target

Noua lista de comenzi.exe
Size

737KB
Sample

220128-wj7g2aabc8
MD5

c6c9905431f32998369ba3fce5743a2b
SHA1

7523dc8923179973879c227ad1776ff583660e3d
SHA256

527036f9e449de86dc23ca03f80ea7da2d0ee7d7752203bbfad4ffb9237a19a8
SHA512

f2c49952055dc82cb91777ac1f68c4c8fab85d4824502a6f357e0942d30c9e67c309d86fd320bf8ca968814794016950663e3f93431e0cc524bf910fa4869685

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  Noua lista de comenzi.exe
- Size
  
  737KB
- MD5
  
  c6c9905431f32998369ba3fce5743a2b
- SHA1
  
  7523dc8923179973879c227ad1776ff583660e3d
- SHA256
  
  527036f9e449de86dc23ca03f80ea7da2d0ee7d7752203bbfad4ffb9237a19a8
- SHA512
  
  f2c49952055dc82cb91777ac1f68c4c8fab85d4824502a6f357e0942d30c9e67c309d86fd320bf8ca968814794016950663e3f93431e0cc524bf910fa4869685
Score

10^/10

xloader euv4 loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2