xloader | 0377503f9ea4c7434be2f46af869900b9839be33121edcbdeeae9b8d8e0cdcce | Triage

Sharing

General

Target

0377503f9ea4c7434be2f46af869900b9839be33121edcbdeeae9b8d8e0cdcce
Size

480KB
Sample

220131-jk2a7ahdf5
MD5

26663089f8c68e799360aedc5b1a0b30
SHA1

ba7a6cbc65e8112e06bac1bd9f82eeeaa60df7bf
SHA256

0377503f9ea4c7434be2f46af869900b9839be33121edcbdeeae9b8d8e0cdcce
SHA512

3ba6184a8e92bc235066f7bb6f6234feb83109393961d0db76a303f3ed7d2517e2dc57f0b8e0969297aa1e7d4b83bf4a0f7c6d13cd95e74c857a56254a5e1e82

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  0377503f9ea4c7434be2f46af869900b9839be33121edcbdeeae9b8d8e0cdcce
- Size
  
  480KB
- MD5
  
  26663089f8c68e799360aedc5b1a0b30
- SHA1
  
  ba7a6cbc65e8112e06bac1bd9f82eeeaa60df7bf
- SHA256
  
  0377503f9ea4c7434be2f46af869900b9839be33121edcbdeeae9b8d8e0cdcce
- SHA512
  
  3ba6184a8e92bc235066f7bb6f6234feb83109393961d0db76a303f3ed7d2517e2dc57f0b8e0969297aa1e7d4b83bf4a0f7c6d13cd95e74c857a56254a5e1e82
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat