xloader | d5602c843c62b0a5ec27f595ca64c47ece77e57ad062c7124a8c24d536c757fd | Triage

Sharing

General

Target

d5602c843c62b0a5ec27f595ca64c47ece77e57ad062c7124a8c24d536c757fd
Size

442KB
Sample

220125-3l7n5shhf5
MD5

0e41f5a8d7c7ee29775006dc58c8472e
SHA1

ca4211c8036067cf32474d667c37bf582d0e32d7
SHA256

d5602c843c62b0a5ec27f595ca64c47ece77e57ad062c7124a8c24d536c757fd
SHA512

cccd05bd810f57246d001bfdb8d8f0678ea8dd9b94593fb6b270e94f137f1ff7e9cd31e1dd83bcce9ee55958fbfc26d7543f3f9a47a053aa35570586f988cee8

Score

10^/10

xloader pnug loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Targets

- Target
  
  d5602c843c62b0a5ec27f595ca64c47ece77e57ad062c7124a8c24d536c757fd
- Size
  
  442KB
- MD5
  
  0e41f5a8d7c7ee29775006dc58c8472e
- SHA1
  
  ca4211c8036067cf32474d667c37bf582d0e32d7
- SHA256
  
  d5602c843c62b0a5ec27f595ca64c47ece77e57ad062c7124a8c24d536c757fd
- SHA512
  
  cccd05bd810f57246d001bfdb8d8f0678ea8dd9b94593fb6b270e94f137f1ff7e9cd31e1dd83bcce9ee55958fbfc26d7543f3f9a47a053aa35570586f988cee8
Score

10^/10

xloader pnug loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderpnugloaderrat