xloader

General

Target

Nova lista narudzbi.zip
Size

366KB
Sample

220131-kc16wshea3
MD5

2b432ecbc21529d4cf57eb1cbf0ebde4
SHA1

0dccb01f04b8d832bb92fc60be1ec7a8f4f1c3f4
SHA256

ad720e8cfafe30dff584f7b80b5af332e8336f1b8c25ef736225f5ee5861c704
SHA512

aa523c9c732da682b9054444b05c5ad3f1554e6cadc50204fd838e61ebdf4a37a09bcbbd10c6c3015cf377ac46eb42ce913671421a88bfda4691fad70003ecb1

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  Nova lista narudzbi.exe
- Size
  
  737KB
- MD5
  
  92e4965d42225c4cb6e0df8eea1624cd
- SHA1
  
  15fcbadd57392f45ec2f5295135a6f91e285bae6
- SHA256
  
  b7b9c46351f0f72162bb0139d4b1a7e66180fe1cc61e9742104a27fdba4e7fc6
- SHA512
  
  b94478d476129de0973eb1a5b040b7bd9f60a4540f81e45e8005e3edcd233d45afdf3c2c4aa0487cca3c3f2acdad428cce8adb781d8b8213bbc0fc9cb269e16d
Score

10^/10

xloader pvxz loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2