xloader | 89a5384b284e44d23891f6b22590f0194c4ac0b2b6507bb51fa678ede6d6069a | Triage

Sharing

General

Target

89a5384b284e44d23891f6b22590f0194c4ac0b2b6507bb51fa678ede6d6069a
Size

250KB
Sample

220130-z1fbnabdh2
MD5

fe1b3c933234d3a68d7b0722a177ba07
SHA1

7a2c6caf667483e57b9c183935e83c435ff5efd4
SHA256

89a5384b284e44d23891f6b22590f0194c4ac0b2b6507bb51fa678ede6d6069a
SHA512

6c348997afe6d4a559a49a93eb7e9d1d27c6b81d48ada5113f6a59ad6f7df69bb69cdc6a65e9e2a86e26b640efb39d73582a92dc43c414e06b341be7e680e22d

Score

10^/10

xloader ndf8 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ndf8

Decoy

cantobait.com

theangularteam.com

qq2222.xyz

floridasteamclean.com

daffodilhilldesigns.com

mindfulagilecoaching.com

xbyll.com

jessicaepedro2021.net

ccssv.top

zenginbilgiler.com

partumball.com

1681890.com

schippermediaproductions.com

m2volleyballclub.com

ooiase.com

sharingtechnology.net

kiminplaka.com

usedgeartrader.com

cosyba.com

foodfriendshipandyou.com

Targets

- Target
  
  89a5384b284e44d23891f6b22590f0194c4ac0b2b6507bb51fa678ede6d6069a
- Size
  
  250KB
- MD5
  
  fe1b3c933234d3a68d7b0722a177ba07
- SHA1
  
  7a2c6caf667483e57b9c183935e83c435ff5efd4
- SHA256
  
  89a5384b284e44d23891f6b22590f0194c4ac0b2b6507bb51fa678ede6d6069a
- SHA512
  
  6c348997afe6d4a559a49a93eb7e9d1d27c6b81d48ada5113f6a59ad6f7df69bb69cdc6a65e9e2a86e26b640efb39d73582a92dc43c414e06b341be7e680e22d
Score

10^/10

xloader ndf8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderndf8loaderrat