xloader | 60ba049b8af0c51a8dfbc45cacedef4180000b7739c937d22d8cbd66d4c6a8a8 | Triage

Sharing

General

Target

cff1c6e614073690e4d50e5be7171867
Size

796KB
Sample

220207-lghe1sagg6
MD5

cff1c6e614073690e4d50e5be7171867
SHA1

ee12463b724b32dbbcc139c1e62b69aadbee74e4
SHA256

60ba049b8af0c51a8dfbc45cacedef4180000b7739c937d22d8cbd66d4c6a8a8
SHA512

a0e939c7e26a32633a98a7dd34935bcacdb4be35a4bf4200072d5cb6141dc32ebf0f8a1b16ab30b1a38472044c5681cc6ddeef56f1016d9e725f1fdbf82cd587

Score

10^/10

xloader nt3f loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  cff1c6e614073690e4d50e5be7171867
- Size
  
  796KB
- MD5
  
  cff1c6e614073690e4d50e5be7171867
- SHA1
  
  ee12463b724b32dbbcc139c1e62b69aadbee74e4
- SHA256
  
  60ba049b8af0c51a8dfbc45cacedef4180000b7739c937d22d8cbd66d4c6a8a8
- SHA512
  
  a0e939c7e26a32633a98a7dd34935bcacdb4be35a4bf4200072d5cb6141dc32ebf0f8a1b16ab30b1a38472044c5681cc6ddeef56f1016d9e725f1fdbf82cd587
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat

behavioral2