xloader

General

Target

PO-003785GMHN.exe
Size

985KB
Sample

210927-txj8jshecq
MD5

4577c41fc896a87df4513f13d29ee65a
SHA1

38e76942a779e8b04cdf763cf993ceda76d049f2
SHA256

144fc8c1a922dbb8162d72a94780f8559bbd9e6b1faa9e037fd33e809126b080
SHA512

dbd15ae87202593f80daf6563bd7ef8bb9be154c7c1995ca6c127c7bfa8e8fb1eb5d9c075d887ef8a893fa64ddb72402e11da3c7f57aeda276ee4fc3c50f21af

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

8iwd

C2

http://www.serpascarnes.com/8iwd/

Decoy

openhousedigitale.com

helpindia.store

josiahspicer.com

wydancer.com

athinatoday.com

asiapartnerspoint.com

freemakechefsrecipes.com

metrolistingsservices.com

assarytagged.quest

ververevival.com

cjdue.com

iqmetaverse.com

sh-spgdk.com

spacecitybeauty.com

phasmatoidea.com

yz1866.com

tenlog009.xyz

gameprizes.xyz

415know.com

virus-jestock.com

Targets

- Target
  
  PO-003785GMHN.exe
- Size
  
  985KB
- MD5
  
  4577c41fc896a87df4513f13d29ee65a
- SHA1
  
  38e76942a779e8b04cdf763cf993ceda76d049f2
- SHA256
  
  144fc8c1a922dbb8162d72a94780f8559bbd9e6b1faa9e037fd33e809126b080
- SHA512
  
  dbd15ae87202593f80daf6563bd7ef8bb9be154c7c1995ca6c127c7bfa8e8fb1eb5d9c075d887ef8a893fa64ddb72402e11da3c7f57aeda276ee4fc3c50f21af
Score

10^/10

xloader 8iwd loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2