xloader

General

Target

TT_COPY_003132.exe
Size

585KB
Sample

210902-n5yevfsh12
MD5

53b8c0b31af3ba5de658c119e39f73bc
SHA1

946d13ae1bcc275b3b1e3542b08f04803a93b50a
SHA256

4311e97e616734f94d1aa4d38f37679749ae84513d132aee134fbc364d25b6ec
SHA512

a2963aeca88f486c519fec957878616182c62ff7fb5f2fda36816678594a4b54192abe56088666328142ddef7479621222de66c5e74a52f69f9756463e417436

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

noi6

C2

http://www.offshoresrilanka.com/noi6/

Decoy

yow.today

rkdreamcreations.com

etheriumtech.com

stretchwrench.com

kiddiecruise.com

stickforward.com

videocineproduccion.com

roofinginamerica.com

amarillasnuevomexico.com

armfieldmillerripley.com

macyburn.club

lvbaoshan.com

shopshelponline.com

thebunnybrands.com

newsxplor.com

momunani.com

rebelnqueen.com

tusguitarras.com

nexab2b.com

e3office.express

Targets

- Target
  
  TT_COPY_003132.exe
- Size
  
  585KB
- MD5
  
  53b8c0b31af3ba5de658c119e39f73bc
- SHA1
  
  946d13ae1bcc275b3b1e3542b08f04803a93b50a
- SHA256
  
  4311e97e616734f94d1aa4d38f37679749ae84513d132aee134fbc364d25b6ec
- SHA512
  
  a2963aeca88f486c519fec957878616182c62ff7fb5f2fda36816678594a4b54192abe56088666328142ddef7479621222de66c5e74a52f69f9756463e417436
Score

10^/10

xloader noi6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2