xloader | 4efd8009a4be3d178d95134fbea3a30b01f2053d60414bc77072330b58fb26ad | Triage

Sharing

General

Target

Long Truong Co. Ltd.exe
Size

497KB
Sample

220204-vhej7acga5
MD5

dfdeb31d800eb09a2cca73ec4373b4cc
SHA1

57ebe682b48fecbb84a204b8aada22b315b734e7
SHA256

4efd8009a4be3d178d95134fbea3a30b01f2053d60414bc77072330b58fb26ad
SHA512

c30dd74b7efdd7867e6056ff77033d71daba3d21d04b02c5dc75ac3d520ee1167ff9ca4b6aaa3a46ebf4ebcb40084a3a1b9714d68d4a4f9efbd69c6aca08c990

Score

10^/10

xloader s9ne loader persistence rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s9ne

Decoy

digital-performance-award.com

fioratti.xyz

designluxre.com

cngangdun.com

restaurantperladelmare.com

davinci65.info

glossmans.com

firstsmileimaging.com

indevmobility.biz

mvptcodesupport.com

crustenc.net

raleighsportsacademy.com

boytoyporn.com

rojaspass.com

acmepaysage.fr

shopatdean.xyz

leonergsteve18870.com

elnahuel.com

ils.network

canto-libero.com

Targets

- Target
  
  Long Truong Co. Ltd.exe
- Size
  
  497KB
- MD5
  
  dfdeb31d800eb09a2cca73ec4373b4cc
- SHA1
  
  57ebe682b48fecbb84a204b8aada22b315b734e7
- SHA256
  
  4efd8009a4be3d178d95134fbea3a30b01f2053d60414bc77072330b58fb26ad
- SHA512
  
  c30dd74b7efdd7867e6056ff77033d71daba3d21d04b02c5dc75ac3d520ee1167ff9ca4b6aaa3a46ebf4ebcb40084a3a1b9714d68d4a4f9efbd69c6aca08c990
Score

10^/10

xloader s9ne loader rat persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Sets service image path in registry
  persistence
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaders9neloaderrat

behavioral2

xloaders9neloaderpersistencerat