xloader | 222ec0d11854ff17251acc457268745b9a0cc3e94c6e6534aa4a8476e713a231 | Triage

Sharing

General

Target

DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Size

24KB
Sample

220218-we6d6scgd4
MD5

bde4dfd451afa6d4c05a461aa7a7a8f0
SHA1

8a7073c182c5d082c39606261f27385c687eb72a
SHA256

222ec0d11854ff17251acc457268745b9a0cc3e94c6e6534aa4a8476e713a231
SHA512

7b8bda162d8db7b96a8e57d304f57d4386112ff25d86b7398963f194e4b047c0e37737095f296dd147212790aa7280d77ef85f3fc6e7956ef5b6135c20bd7b08

Score

10^/10

xloader po6r loader persistence rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

po6r

Decoy

jnhuichuangxin.com

mubashir.art

extol.design

doyyindh.xyz

milanoautoexperts.com

4thefringe.com

453511.com

sellathonautocredit.com

velgian.com

6672pk.com

wodeluzhou.com

sumiyoshiku-hizaita.xyz

imoveldeprimeira.com

dgjssp.com

endokc.com

side-clicks.com

cashndashfinancial.com

vanhemelryck.info

agamitrading.com

woofgang.xyz

Targets

- Target
  
  DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
- Size
  
  24KB
- MD5
  
  bde4dfd451afa6d4c05a461aa7a7a8f0
- SHA1
  
  8a7073c182c5d082c39606261f27385c687eb72a
- SHA256
  
  222ec0d11854ff17251acc457268745b9a0cc3e94c6e6534aa4a8476e713a231
- SHA512
  
  7b8bda162d8db7b96a8e57d304f57d4386112ff25d86b7398963f194e4b047c0e37737095f296dd147212790aa7280d77ef85f3fc6e7956ef5b6135c20bd7b08
Score

10^/10

xloader po6r loader persistence rat
- Modifies WinLogon for persistence
  persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderpo6rloaderpersistencerat

behavioral2

xloaderpo6rloaderpersistencerat