Everything he touches, he destroys
RIP
Screenshot of my blog post with analysis of the XLoader infection.
XLoader distributed as a RAR attachment to an email. The malware is a Windows executable file within that RAR archive.
Traffic from the XLoader infection filtered in Wireshark.
XLoader persistent on the infected Windows host through a Windows registry update.
2025-01-30 (Thursday): #XLoader infection. Unlike my previous XLoader infections, this one didn't run in my VM, so I used a physical host. A #pcap of the infection traffic, the associated malware samples, and more info is available at malware-traffic-analysis.net/2025/01/30/i...