xloader

General

Target

550160d122f85c9502a7a8e219dc68f3
Size

458KB
Sample

220120-zm5pdsbfc9
MD5

550160d122f85c9502a7a8e219dc68f3
SHA1

fd2833f0eea85cccc795ffe375d1503a0df739bf
SHA256

da99d68a728c3a14d186c03c30b551914fe57073f231d334be7955131cb5f921
SHA512

91bb9d6eb11d86c928efbcab59e96263114be910f73629d0f356e47e5424bb0aedfa8629cf19f789ecda61e1f7ee7f00963d7c47c18b25922dc487c9f293f00c

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  550160d122f85c9502a7a8e219dc68f3
- Size
  
  458KB
- MD5
  
  550160d122f85c9502a7a8e219dc68f3
- SHA1
  
  fd2833f0eea85cccc795ffe375d1503a0df739bf
- SHA256
  
  da99d68a728c3a14d186c03c30b551914fe57073f231d334be7955131cb5f921
- SHA512
  
  91bb9d6eb11d86c928efbcab59e96263114be910f73629d0f356e47e5424bb0aedfa8629cf19f789ecda61e1f7ee7f00963d7c47c18b25922dc487c9f293f00c
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2