xloader | a2350a5de6de03952d1a75a6135bc92690500e13854d481338bb07aa011bfcd5 | Triage

Sharing

General

Target

a2350a5de6de03952d1a75a6135bc92690500e13854d481338bb07aa011bfcd5
Size

400KB
Sample

220113-shmvfsbac8
MD5

97d27b18d29a1c75d82c8877c61e37e8
SHA1

538eaaa9a9f4dc60e672cb0c0649e4412429d0c7
SHA256

a2350a5de6de03952d1a75a6135bc92690500e13854d481338bb07aa011bfcd5
SHA512

42970720ad539183d94e5db9ea23ca8c472293cd58284e0144b229fa4743bed31b85453ea6b9fbc3115704b5e74db56fc12219b32c9927903147f74b2f00650f

Score

10^/10

xloader i5nb loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

i5nb

Decoy

integratedheartspsychology.com

tappsis.land

norfg.com

1531700.win

oneplusoneexperience.com

circlessalaries.com

tlcremodelingcompany.com

susalud.info

liyanghua.club

pink-zemi.com

orphe.biz

themodelclarified.com

candidate.tools

morotrip.com

d2dfms.com

leisuresabah.com

bjbwx114.com

lz-fcaini1718-hw0917-bs.xyz

at-commerce-co.net

buymypolicy.net

Targets

- Target
  
  a2350a5de6de03952d1a75a6135bc92690500e13854d481338bb07aa011bfcd5
- Size
  
  400KB
- MD5
  
  97d27b18d29a1c75d82c8877c61e37e8
- SHA1
  
  538eaaa9a9f4dc60e672cb0c0649e4412429d0c7
- SHA256
  
  a2350a5de6de03952d1a75a6135bc92690500e13854d481338bb07aa011bfcd5
- SHA512
  
  42970720ad539183d94e5db9ea23ca8c472293cd58284e0144b229fa4743bed31b85453ea6b9fbc3115704b5e74db56fc12219b32c9927903147f74b2f00650f
Score

10^/10

xloader i5nb loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderi5nbloaderrat