xloader | 7d1119a09c3f150ab964941c3a539fa3d1257cdb980df7e1535012378ae3974e | Triage

Sharing

General

Target

7d1119a09c3f150ab964941c3a539fa3d1257cdb980df7e1535012378ae3974e
Size

253KB
Sample

211021-1aj3labffq
MD5

5e9c6466f89089a73465bec3e84f6731
SHA1

7faa635ff81bf5a1ff5b56109f9d0a7088b5c1d1
SHA256

7d1119a09c3f150ab964941c3a539fa3d1257cdb980df7e1535012378ae3974e
SHA512

84241a9a1d1e700c52a736cf9d1225300c4d5c14485533aa08429b2c01f0d712067ba90c334ec474f997d8686e8433b08d1e5c925b6aeda6892c71cd17ad842b

Score

10^/10

xloader ons6 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ons6

C2

http://www.parasitevhs.net/ons6/

Decoy

946acc.net

ilkermulla.com

edificationhub.com

aptbaby.com

luisrgonzalez.com

postandpine.com

objective-object.com

storeydrive.rentals

mobile-find.com

africanbridaluk.com

zzjn12.xyz

ritechoiceinvestmentgroup.com

zitzies.xyz

trulyproofreading.com

ktndetermine.xyz

advertising.land

keywordgomuwk.xyz

niecliomusicspirit.com

lhortelecom.com

cryptochieftan.com

Targets

- Target
  
  7d1119a09c3f150ab964941c3a539fa3d1257cdb980df7e1535012378ae3974e
- Size
  
  253KB
- MD5
  
  5e9c6466f89089a73465bec3e84f6731
- SHA1
  
  7faa635ff81bf5a1ff5b56109f9d0a7088b5c1d1
- SHA256
  
  7d1119a09c3f150ab964941c3a539fa3d1257cdb980df7e1535012378ae3974e
- SHA512
  
  84241a9a1d1e700c52a736cf9d1225300c4d5c14485533aa08429b2c01f0d712067ba90c334ec474f997d8686e8433b08d1e5c925b6aeda6892c71cd17ad842b
Score

10^/10

xloader ons6 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderons6loaderrat