xloader | 1960c78dcdbb4d893abeaf5220fc7a9c53ec0aa43389aa75146d7af4ce5707f1 | Triage

Sharing

General

Target

1960c78dcdbb4d893abeaf5220fc7a9c53ec0aa43389aa75146d7af4ce5707f1
Size

254KB
Sample

211008-vnahesegek
MD5

f3cfacb645a896421d6f9083897e8887
SHA1

4cdd98fb4d53c0f0a067be140f79c43dd873358c
SHA256

1960c78dcdbb4d893abeaf5220fc7a9c53ec0aa43389aa75146d7af4ce5707f1
SHA512

c203b15bc399935e0309070197a2cf51a98cd18ec5d8dfef0dfd75b50a075b1a2c32bebaf73a626c44b6aa7bc60247710221d81f644760a0b54089abed2e207b

Score

10^/10

xloader noha loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

noha

C2

http://www.mglracing.com/noha/

Decoy

iphone13promax.support

trailer-racks.xyz

overseaspoolservice.com

r2d2u.com

dawajeju.com

nextgenproxyvote.com

xn--vhqp8mm8dbtz.group

commonsenserisk.com

cmcqgxtyd.com

data2form.com

bois-applique.com

originallollipop.com

lj0008lj.net

spfldvaccineday.info

phalcosnusa.com

llcmastermachine.com

onlyforu14.rest

bestmarketingautomations.com

officialswitchmusic.com

thepretenseofjustice.com

Targets

- Target
  
  1960c78dcdbb4d893abeaf5220fc7a9c53ec0aa43389aa75146d7af4ce5707f1
- Size
  
  254KB
- MD5
  
  f3cfacb645a896421d6f9083897e8887
- SHA1
  
  4cdd98fb4d53c0f0a067be140f79c43dd873358c
- SHA256
  
  1960c78dcdbb4d893abeaf5220fc7a9c53ec0aa43389aa75146d7af4ce5707f1
- SHA512
  
  c203b15bc399935e0309070197a2cf51a98cd18ec5d8dfef0dfd75b50a075b1a2c32bebaf73a626c44b6aa7bc60247710221d81f644760a0b54089abed2e207b
Score

10^/10

xloader noha loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernohaloaderrat