xloader | 44ed69358c6ef98ffc0e4da5aee0692f74fd03b8a7ea7c5c3b08f427f32a45e5 | Triage

Sharing

General

Target

44ed69358c6ef98ffc0e4da5aee0692f74fd03b8a7ea7c5c3b08f427f32a45e5
Size

882KB
Sample

220110-s24x3sedh6
MD5

97ccf6ebd6abe7786677f0e6e6b8aef0
SHA1

be06f330c04450b80848d8c5ed680dd8fce61c21
SHA256

44ed69358c6ef98ffc0e4da5aee0692f74fd03b8a7ea7c5c3b08f427f32a45e5
SHA512

0f4d549a3798ba0e9e10bc2e7f680290f5fc5b11c39e3f784cf04c1c0969739d906bd556f5c7f722c4a6d4d2d1ed2ab3246d2e668f03149fa1a033eeff17e761

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  44ed69358c6ef98ffc0e4da5aee0692f74fd03b8a7ea7c5c3b08f427f32a45e5
- Size
  
  882KB
- MD5
  
  97ccf6ebd6abe7786677f0e6e6b8aef0
- SHA1
  
  be06f330c04450b80848d8c5ed680dd8fce61c21
- SHA256
  
  44ed69358c6ef98ffc0e4da5aee0692f74fd03b8a7ea7c5c3b08f427f32a45e5
- SHA512
  
  0f4d549a3798ba0e9e10bc2e7f680290f5fc5b11c39e3f784cf04c1c0969739d906bd556f5c7f722c4a6d4d2d1ed2ab3246d2e668f03149fa1a033eeff17e761
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat