xloader | 2179647ebf96503deb5fae78827c5d99757f2926f0226cb5a6e4181e2f0c1a07 | Triage

Sharing

General

Target

Alis sifarisi.exe
Size

1.0MB
Sample

220211-m99kmsceh2
MD5

54c39236d174c27d217736cd049d8bbd
SHA1

832f5c5c4cbf2b4f888f319654cf002176bbb916
SHA256

2179647ebf96503deb5fae78827c5d99757f2926f0226cb5a6e4181e2f0c1a07
SHA512

1df01d52dc6965d5b42c3f03887b01c0fdd1593666e1733d8776d4a64f22253c062e6f1e29fc403f2217547f96962955fe7733b23b55b0f5fd3a5774acec5c7a

Score

10^/10

xloader pvxz loader persistence rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Targets

- Target
  
  Alis sifarisi.exe
- Size
  
  1.0MB
- MD5
  
  54c39236d174c27d217736cd049d8bbd
- SHA1
  
  832f5c5c4cbf2b4f888f319654cf002176bbb916
- SHA256
  
  2179647ebf96503deb5fae78827c5d99757f2926f0226cb5a6e4181e2f0c1a07
- SHA512
  
  1df01d52dc6965d5b42c3f03887b01c0fdd1593666e1733d8776d4a64f22253c062e6f1e29fc403f2217547f96962955fe7733b23b55b0f5fd3a5774acec5c7a
Score

10^/10

xloader pvxz loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderpvxzloaderpersistencerat

behavioral2

xloaderpvxzloaderpersistencerat