xloader | e4999525a5626a76247a8f02a9e08c0ea35f13f717687b8a966cddb72f8adc6f | Triage

Sharing

General

Target

e4999525a5626a76247a8f02a9e08c0ea35f13f717687b8a966cddb72f8adc6f
Size

366KB
Sample

220112-lgj9lscbak
MD5

50376d0b1e8512f7181eff0d87feb534
SHA1

fb5f6fcb930c10abef806138d2839bff3247f973
SHA256

e4999525a5626a76247a8f02a9e08c0ea35f13f717687b8a966cddb72f8adc6f
SHA512

bd3e399c262bbe4e8ef730985162f361ba0469c4995f64a34ac27b401df9573e7957dc46119f2c56f10ba27132ad9cffd411b658fca914add43f33c8830189ea

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  e4999525a5626a76247a8f02a9e08c0ea35f13f717687b8a966cddb72f8adc6f
- Size
  
  366KB
- MD5
  
  50376d0b1e8512f7181eff0d87feb534
- SHA1
  
  fb5f6fcb930c10abef806138d2839bff3247f973
- SHA256
  
  e4999525a5626a76247a8f02a9e08c0ea35f13f717687b8a966cddb72f8adc6f
- SHA512
  
  bd3e399c262bbe4e8ef730985162f361ba0469c4995f64a34ac27b401df9573e7957dc46119f2c56f10ba27132ad9cffd411b658fca914add43f33c8830189ea
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat