xloader | f0d703d5576faa3ab83d1a7b6cc08ab55599565c64ec97bb59e05449f3a2efce | Triage

Sharing

General

Target

f0d703d5576faa3ab83d1a7b6cc08ab55599565c64ec97bb59e05449f3a2efce
Size

250KB
Sample

220126-sakp5aefa7
MD5

6a4fc759c24fad7472caae24be49eab9
SHA1

698a5efcbcafe01ba8214eb6255803f193981716
SHA256

f0d703d5576faa3ab83d1a7b6cc08ab55599565c64ec97bb59e05449f3a2efce
SHA512

9013add08fda34a917e9ecdb389361a1e390fc48515b9d76558cb3160add9e3873995f17546616c375d091aa63b7f8e691045918938639471fadae977425ccda

Score

10^/10

xloader p2a5 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

- Target
  
  f0d703d5576faa3ab83d1a7b6cc08ab55599565c64ec97bb59e05449f3a2efce
- Size
  
  250KB
- MD5
  
  6a4fc759c24fad7472caae24be49eab9
- SHA1
  
  698a5efcbcafe01ba8214eb6255803f193981716
- SHA256
  
  f0d703d5576faa3ab83d1a7b6cc08ab55599565c64ec97bb59e05449f3a2efce
- SHA512
  
  9013add08fda34a917e9ecdb389361a1e390fc48515b9d76558cb3160add9e3873995f17546616c375d091aa63b7f8e691045918938639471fadae977425ccda
Score

10^/10

xloader p2a5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderrat