xloader | 0ca36d4179faaa7e2d12811b06e5db165d51ae4212fff38f877d77c7f688e48f | Triage

Sharing

General

Target

0ca36d4179faaa7e2d12811b06e5db165d51ae4212fff38f877d77c7f688e48f
Size

1.0MB
Sample

220201-jpeyrabeg3
MD5

dc73ad541f075ce3a9fb2a13fb6a4a79
SHA1

690984b552efad0d34c229200c8668f6c5baf8dc
SHA256

0ca36d4179faaa7e2d12811b06e5db165d51ae4212fff38f877d77c7f688e48f
SHA512

9f8524ba33ed35f4eee0292e8b1dede6e305c3787e3e7c43e32b1d9b1f9ccf92209d3a01aec04cbeb94d02e6314be1ca47285738ac5d60e23d81607f32e2f138

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  0ca36d4179faaa7e2d12811b06e5db165d51ae4212fff38f877d77c7f688e48f
- Size
  
  1.0MB
- MD5
  
  dc73ad541f075ce3a9fb2a13fb6a4a79
- SHA1
  
  690984b552efad0d34c229200c8668f6c5baf8dc
- SHA256
  
  0ca36d4179faaa7e2d12811b06e5db165d51ae4212fff38f877d77c7f688e48f
- SHA512
  
  9f8524ba33ed35f4eee0292e8b1dede6e305c3787e3e7c43e32b1d9b1f9ccf92209d3a01aec04cbeb94d02e6314be1ca47285738ac5d60e23d81607f32e2f138
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat