xloader | 8ad6a7b3eabe8b13dac49c87671807b8185f42e9c3bd6ac94c33f4ab3435bd60 | Triage

Sharing

General

Target

8ad6a7b3eabe8b13dac49c87671807b8185f42e9c3bd6ac94c33f4ab3435bd60
Size

404KB
Sample

220112-qv6f8acfc6
MD5

bab6e1a8f9654f390192b69e25418de5
SHA1

0740a5161c3a065a84b4caf0bc194f1736ba79df
SHA256

8ad6a7b3eabe8b13dac49c87671807b8185f42e9c3bd6ac94c33f4ab3435bd60
SHA512

1143cc6133e3e6731e15e71cbe87398c90cb2e80fcfff6fb3ee115b2f543b677c48e907fde940898b3ffd0ded89cd21239cbfdd5e72e2555a7f03be4e09b23a8

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  8ad6a7b3eabe8b13dac49c87671807b8185f42e9c3bd6ac94c33f4ab3435bd60
- Size
  
  404KB
- MD5
  
  bab6e1a8f9654f390192b69e25418de5
- SHA1
  
  0740a5161c3a065a84b4caf0bc194f1736ba79df
- SHA256
  
  8ad6a7b3eabe8b13dac49c87671807b8185f42e9c3bd6ac94c33f4ab3435bd60
- SHA512
  
  1143cc6133e3e6731e15e71cbe87398c90cb2e80fcfff6fb3ee115b2f543b677c48e907fde940898b3ffd0ded89cd21239cbfdd5e72e2555a7f03be4e09b23a8
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat