xloader | ae0d62b6b0dd86dd84bd8b67de7dc40130139b8a3be6e5f4c5acea86142a5da3 | Triage

Sharing

General

Target

ae0d62b6b0dd86dd84bd8b67de7dc40130139b8a3be6e5f4c5acea86142a5da3
Size

810KB
Sample

220126-qxmf5adcbq
MD5

dc06649db7eafdb332b7d8f2adb2ebdd
SHA1

a1179b64bcc678631108c8b16ec297838e8499fb
SHA256

ae0d62b6b0dd86dd84bd8b67de7dc40130139b8a3be6e5f4c5acea86142a5da3
SHA512

7d1da393a50faf546cbc023183618254e82362bdaf88e88b21793b4c5279642f1418e1dfa0c4949c654aea38f2e8a91f6b6acc1b07dc0be7fcc25b939679ae50

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  ae0d62b6b0dd86dd84bd8b67de7dc40130139b8a3be6e5f4c5acea86142a5da3
- Size
  
  810KB
- MD5
  
  dc06649db7eafdb332b7d8f2adb2ebdd
- SHA1
  
  a1179b64bcc678631108c8b16ec297838e8499fb
- SHA256
  
  ae0d62b6b0dd86dd84bd8b67de7dc40130139b8a3be6e5f4c5acea86142a5da3
- SHA512
  
  7d1da393a50faf546cbc023183618254e82362bdaf88e88b21793b4c5279642f1418e1dfa0c4949c654aea38f2e8a91f6b6acc1b07dc0be7fcc25b939679ae50
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat