xloader

General

Target

18b3ab7b4f3820538073edddb7fc9532855b00ea6f391d825c75e9ee864b1bdc
Size

448KB
Sample

220131-zjyfxaccf5
MD5

232f7b1a33de22b6246c797496653cfd
SHA1

ca906a0429352153ad835e22179c11ad460018a9
SHA256

18b3ab7b4f3820538073edddb7fc9532855b00ea6f391d825c75e9ee864b1bdc
SHA512

c82789c059051b6b5e0922172cf0a6a1d6915a9011ed7177b97613294b78052fce13070361496158e4641e60867ec7c3e2eb9b41dda4d62f223a6f487dd5cce9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy

nl-cafe.com

votetedjaleta.com

britrobertsrealtor.com

globipark.com

citysucces.com

verisignwebsite-verified.com

riddlepc.com

rosecityclimbing.com

oleandrinextract.com

salmankonstruksi.com

needhamchannel.com

refreshx2z.com

youth66.com

pla-russia.com

halloweenmaskpro.com

exdysis.com

1gcz.com

lookgoodman.com

rlxagva.com

stlcityc.com

Targets

- Target
  
  Released Order.exe
- Size
  
  503KB
- MD5
  
  e2bbb850c21363d228dc24d273e1a8a9
- SHA1
  
  fd22b3c7eb8baf4a5f73cb32340c1503cc5d2b2a
- SHA256
  
  7f41f56fccf71bcb0c1f50d11e9d05a0342cd08a3a27d55d31cffe0ef95b2272
- SHA512
  
  9dc5863692a3c505f3a2856ebe1cb2bc5bc33db5293393cf004e45f90b0dbf24eb85248464a3d3d849c33ec7e310e022956ab7c295136bf0ee3bffcd4874e098
Score

10^/10

xloader n58i loader rat persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Sets service image path in registry

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2