xloader | 11d9365302786fe34113c070a9e6ed32a7209c8de10eb21ef8d4a8eeb1215d41 | Triage

Sharing

General

Target

11d9365302786fe34113c070a9e6ed32a7209c8de10eb21ef8d4a8eeb1215d41
Size

782KB
Sample

220131-mpff3ahabp
MD5

076b5c48111ac20de4e6f72cfa3393f1
SHA1

06439b289cdfdd08164d4bed0c7f6f2d92d8c769
SHA256

11d9365302786fe34113c070a9e6ed32a7209c8de10eb21ef8d4a8eeb1215d41
SHA512

a7da7825eb785b0fa31979af5c1bf9010f18cbf7f61b6b0dfc9ef9dae845d345b2df47f53a07dae012d5c33f3f890ece2473477faf33ef59aeeddaba28c18b2b

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  11d9365302786fe34113c070a9e6ed32a7209c8de10eb21ef8d4a8eeb1215d41
- Size
  
  782KB
- MD5
  
  076b5c48111ac20de4e6f72cfa3393f1
- SHA1
  
  06439b289cdfdd08164d4bed0c7f6f2d92d8c769
- SHA256
  
  11d9365302786fe34113c070a9e6ed32a7209c8de10eb21ef8d4a8eeb1215d41
- SHA512
  
  a7da7825eb785b0fa31979af5c1bf9010f18cbf7f61b6b0dfc9ef9dae845d345b2df47f53a07dae012d5c33f3f890ece2473477faf33ef59aeeddaba28c18b2b
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat