xloader

General

Target

Notificação_de_transferência_efetuada-Santander.exe
Size

660KB
Sample

211011-ner8jshadl
MD5

efb464ece5f5aa332a60d241aa93a74f
SHA1

1b07ef42b7d91b71600f7512e6eb7248510b2330
SHA256

7384a61fc69ce24610f7c4658c2ef8786c4cdc5d6ad6b33d1a9f506d6b6388d3
SHA512

86c4b630151a648ed004e543996eba2d9a54dfb14de71b1f38f2e4fe4881c4e2a8b7e2c7f6c52876d8f3eb4406b0c12c349861e024de40568306b3505bd3ef82

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ons6

C2

http://www.parasitevhs.net/ons6/

Decoy

946acc.net

ilkermulla.com

edificationhub.com

aptbaby.com

luisrgonzalez.com

postandpine.com

objective-object.com

storeydrive.rentals

mobile-find.com

africanbridaluk.com

zzjn12.xyz

ritechoiceinvestmentgroup.com

zitzies.xyz

trulyproofreading.com

ktndetermine.xyz

advertising.land

keywordgomuwk.xyz

niecliomusicspirit.com

lhortelecom.com

cryptochieftan.com

Targets

- Target
  
  Notificação_de_transferência_efetuada-Santander.exe
- Size
  
  660KB
- MD5
  
  efb464ece5f5aa332a60d241aa93a74f
- SHA1
  
  1b07ef42b7d91b71600f7512e6eb7248510b2330
- SHA256
  
  7384a61fc69ce24610f7c4658c2ef8786c4cdc5d6ad6b33d1a9f506d6b6388d3
- SHA512
  
  86c4b630151a648ed004e543996eba2d9a54dfb14de71b1f38f2e4fe4881c4e2a8b7e2c7f6c52876d8f3eb4406b0c12c349861e024de40568306b3505bd3ef82
Score

10^/10

xloader ons6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2