xloader | 5ed4b0af136119c2bc78ca0cc3e0b58f77fbe72e9c7218d7c64f3caa2e5eda5e | Triage

Sharing

General

Target

5ed4b0af136119c2bc78ca0cc3e0b58f77fbe72e9c7218d7c64f3caa2e5eda5e
Size

247KB
Sample

220130-zyvnkabdf4
MD5

05ff4e6e816ac6dec4dab71a9d3b18a5
SHA1

7586520a0aa2b07c1f5035ac7cd37437f971d0ee
SHA256

5ed4b0af136119c2bc78ca0cc3e0b58f77fbe72e9c7218d7c64f3caa2e5eda5e
SHA512

d42c53b829f0bff34dca46a9c35c0be5cbeeeaa9dbadfdf04a134d9606d22c2cae1874810c21d6de1435f03991f2b84d43c014484e08177d2585d2366cd3cc7f

Score

10^/10

xloader jdo2 loader persistence rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

jdo2

Decoy

adopte-un-per.com

lmandarin.com

shonemurawni.quest

bantasis.com

jsdigitalekuns.net

hiddenroom.net

arungjerampangalengan.com

yinghongxw.com

buzzcupid.com

lattent.digital

faxtoemailguide.com

romanticfriryrose.com

ruleaou.com

mochiko-blog.com

sekireixploit.com

bcx-wiremesh.com

jobportalsg.com

wysspirit.com

iflycny.com

sh-cy17.com

Targets

- Target
  
  5ed4b0af136119c2bc78ca0cc3e0b58f77fbe72e9c7218d7c64f3caa2e5eda5e
- Size
  
  247KB
- MD5
  
  05ff4e6e816ac6dec4dab71a9d3b18a5
- SHA1
  
  7586520a0aa2b07c1f5035ac7cd37437f971d0ee
- SHA256
  
  5ed4b0af136119c2bc78ca0cc3e0b58f77fbe72e9c7218d7c64f3caa2e5eda5e
- SHA512
  
  d42c53b829f0bff34dca46a9c35c0be5cbeeeaa9dbadfdf04a134d9606d22c2cae1874810c21d6de1435f03991f2b84d43c014484e08177d2585d2366cd3cc7f
Score

10^/10

xloader jdo2 loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderjdo2loaderpersistencerat