xloader

General

Target

38aed2534480c27c816c57ee6a369f87
Size

489KB
Sample

220208-ymjw9aebbl
MD5

38aed2534480c27c816c57ee6a369f87
SHA1

3a1d97bffba30b52704e8787af93cf1d6a56e16c
SHA256

0418190aadd19ac9ea51c98d516f178ce5378a5d4354d44a9b49ac814b49325e
SHA512

aa3a23b9ac43b2cde9e29a87067a5729d0246e367f4656fe58be3371bb846d2e2d681fcdd2cbf2e4841513b6f3ff677cff75167aab79cbb003d62da1b614f3fa

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

- Target
  
  38aed2534480c27c816c57ee6a369f87
- Size
  
  489KB
- MD5
  
  38aed2534480c27c816c57ee6a369f87
- SHA1
  
  3a1d97bffba30b52704e8787af93cf1d6a56e16c
- SHA256
  
  0418190aadd19ac9ea51c98d516f178ce5378a5d4354d44a9b49ac814b49325e
- SHA512
  
  aa3a23b9ac43b2cde9e29a87067a5729d0246e367f4656fe58be3371bb846d2e2d681fcdd2cbf2e4841513b6f3ff677cff75167aab79cbb003d62da1b614f3fa
Score

10^/10

xloader nt3f loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2