xloader

General

Target

DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
Size

17KB
Sample

220220-ve5bfacfhq
MD5

aeaddb6a276a6dff4f24b8588c5e67f8
SHA1

00bb4c75c0227f965bc76bd2bef1a4aca9687d30
SHA256

b04aa6e695c5275ae754bd61c9f45bc3ebdfcc8aed769fae0d744284d072b15e
SHA512

47fefb178984e1eb736e17d78ee2ea1f269e7306f6c0b192b31748af3db33ef91d9d6213cfd96391fdaf71c00d9612a6d10012f4d2dc3f5707ca3de8eeb8fc01

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

po6r

Decoy

jnhuichuangxin.com

mubashir.art

extol.design

doyyindh.xyz

milanoautoexperts.com

4thefringe.com

453511.com

sellathonautocredit.com

velgian.com

6672pk.com

wodeluzhou.com

sumiyoshiku-hizaita.xyz

imoveldeprimeira.com

dgjssp.com

endokc.com

side-clicks.com

cashndashfinancial.com

vanhemelryck.info

agamitrading.com

woofgang.xyz

Targets

- Target
  
  DHL - OVERDUE ACCOUNT NOTICE - 1301474408.exe
- Size
  
  17KB
- MD5
  
  aeaddb6a276a6dff4f24b8588c5e67f8
- SHA1
  
  00bb4c75c0227f965bc76bd2bef1a4aca9687d30
- SHA256
  
  b04aa6e695c5275ae754bd61c9f45bc3ebdfcc8aed769fae0d744284d072b15e
- SHA512
  
  47fefb178984e1eb736e17d78ee2ea1f269e7306f6c0b192b31748af3db33ef91d9d6213cfd96391fdaf71c00d9612a6d10012f4d2dc3f5707ca3de8eeb8fc01
Score

10^/10

xloader po6r loader persistence rat suricata
- Modifies WinLogon for persistence
  persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies WinLogon for persistence

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2