xloader

General

Target

DHL Delivery Documents.exe
Size

78KB
Sample

220131-ss4wqaabc3
MD5

94743aae8b0eb58bf9849035dc640b3c
SHA1

089f398df4eb9cf0511038cff177ecd3fbc9715c
SHA256

b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b
SHA512

23b72e99ec9ad81a97d3b4902c020c7f27b3b156ca81bc5c818f9ecd88b40f6cfb3b9b436511e952de31a9c7841cf80e9019c0ad2a54d075ba5f1bf7e9e562b0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Targets

- Target
  
  DHL Delivery Documents.exe
- Size
  
  78KB
- MD5
  
  94743aae8b0eb58bf9849035dc640b3c
- SHA1
  
  089f398df4eb9cf0511038cff177ecd3fbc9715c
- SHA256
  
  b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b
- SHA512
  
  23b72e99ec9ad81a97d3b4902c020c7f27b3b156ca81bc5c818f9ecd88b40f6cfb3b9b436511e952de31a9c7841cf80e9019c0ad2a54d075ba5f1bf7e9e562b0
Score

10^/10

xloader zqzw loader rat persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Sets service image path in registry

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2