xloader

General

Target

ae534f8ee5cc7d3d9345d4b97db45f8a.exe
Size

249KB
Sample

220127-qxy5xsdedl
MD5

ae534f8ee5cc7d3d9345d4b97db45f8a
SHA1

93f37d06fc07fd90323eb3cd1eb316ed8fc3292e
SHA256

ffebbdfbf43481f261924e72b9c3acb4b503d41549ab926015159af4d1f7f1fc
SHA512

446267307baf55a6ae8dc3aca47f5b18171d4612ef237c5241258f8d74805344e376e81396c73c157d19e9642ea5feae9199740ddb8bf23770663d51b940a54f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ndf8

Decoy

cantobait.com

theangularteam.com

qq2222.xyz

floridasteamclean.com

daffodilhilldesigns.com

mindfulagilecoaching.com

xbyll.com

jessicaepedro2021.net

ccssv.top

zenginbilgiler.com

partumball.com

1681890.com

schippermediaproductions.com

m2volleyballclub.com

ooiase.com

sharingtechnology.net

kiminplaka.com

usedgeartrader.com

cosyba.com

foodfriendshipandyou.com

Targets

- Target
  
  ae534f8ee5cc7d3d9345d4b97db45f8a.exe
- Size
  
  249KB
- MD5
  
  ae534f8ee5cc7d3d9345d4b97db45f8a
- SHA1
  
  93f37d06fc07fd90323eb3cd1eb316ed8fc3292e
- SHA256
  
  ffebbdfbf43481f261924e72b9c3acb4b503d41549ab926015159af4d1f7f1fc
- SHA512
  
  446267307baf55a6ae8dc3aca47f5b18171d4612ef237c5241258f8d74805344e376e81396c73c157d19e9642ea5feae9199740ddb8bf23770663d51b940a54f
Score

10^/10

xloader ndf8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2