Lightnews — Scholar-powered news

Raj Nepali

@nep-d0c.bsky.social

9 followers 35 following 2 posts

Threat hunt @Unit 42

Posts Replies Media Videos

Raj Nepali

@nep-d0c.bsky.social

Everything he touches, he destroys

March 10, 2025 at 2:31 PM

Reposted by Raj Nepali

Brad

@malware-traffic-analysis.net

2025-01-30 (Thursday): #XLoader infection. Unlike my previous XLoader infections, this one didn't run in my VM, so I used a physical host. A #pcap of the infection traffic, the associated malware samples, and more info is available at malware-traffic-analysis.net/2025/01/30/i...

Screenshot of my blog post with analysis of the XLoader infection.

XLoader distributed as a RAR attachment to an email. The malware is a Windows executable file within that RAR archive.

Traffic from the XLoader infection filtered in Wireshark.

XLoader persistent on the infected Windows host through a Windows registry update.

January 30, 2025 at 6:32 PM

Add to Home Screen

Light up
your news

Add to Home Screen

Light upyour news

Sign in to Lightnews

Sign up to start reading

Connect Bluesky

Connect with Bluesky

Light up
your news