Overview

overview

10

Static

static

SecuriteIn...46.exe

windows7_x64

10

SecuriteIn...46.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.8546.18370

  • Size

    724KB

  • Sample

    220609-mzjlgabed4

  • MD5

    1b053ad5898e7a62a5ba6d5b4614acc1

  • SHA1

    24ec1578605b09fd3da9aef8613358bfbb205398

  • SHA256

    577322e3f941bd8f432e83818ff0e97f411e67e75f9ed5654b856f6e6e2ae9e2

  • SHA512

    f3641c3bcaa88ac62305bec4d42f37ee1455f5979f2f9c6525cc2d183be58dca91fa222d03da5b8d007993750187b37f3980a465291f667d58f2a3626df46f93

Score
10/10
xloadern5mzloaderrat

Malware Config

Extracted

Family

xloader

Version

2.7

Campaign

n5mz

Decoy

ezhuilike.com

broomstickrum.com

ramaniclothing.com

midbots.com

rlxscpe.com

elanagro.online

chahuajie.com

digipubcity.com

predatorstoppers.com

savas-jewelry.com

timinis23.com

homesteaddesignstudio.net

bellezadehoy.online

disintar.xyz

sharinks.tech

redfoxdetroit.com

resscoptheron.com

aspiritualgiftshoppe.com

tematemazo.com

assasa.net

Targets

    • Target

      SecuriteInfo.com.W32.AIDetectNet.01.8546.18370

    • Size

      724KB

    • MD5

      1b053ad5898e7a62a5ba6d5b4614acc1

    • SHA1

      24ec1578605b09fd3da9aef8613358bfbb205398

    • SHA256

      577322e3f941bd8f432e83818ff0e97f411e67e75f9ed5654b856f6e6e2ae9e2

    • SHA512

      f3641c3bcaa88ac62305bec4d42f37ee1455f5979f2f9c6525cc2d183be58dca91fa222d03da5b8d007993750187b37f3980a465291f667d58f2a3626df46f93

    Score
    10/10
    xloadern5mzloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks