xloader | 7cbd8cc35b03d65491ad01b6a44b84dc047e6663189554201c24dbfbeb81473c | Triage

Sharing

General

Target

7cbd8cc35b03d65491ad01b6a44b84dc047e6663189554201c24dbfbeb81473c
Size

265KB
Sample

220217-m3xx9sbaf4
MD5

4970230d4407b52f58d85d745b3bae59
SHA1

41c4ad2fe69e8d035223df728db3a1ebdc65cbab
SHA256

7cbd8cc35b03d65491ad01b6a44b84dc047e6663189554201c24dbfbeb81473c
SHA512

1cf6fac3cd522f7a5aa0d92b83f89f21bc31bc5116bde415b1acccf9b0810048643d4ef6d77d9ffe8f8e27aa4c13000f93abbfaedec9b8269bd263b8287a2420

Score

10^/10

xloader p2a5 loader rat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

- Target
  
  7cbd8cc35b03d65491ad01b6a44b84dc047e6663189554201c24dbfbeb81473c
- Size
  
  265KB
- MD5
  
  4970230d4407b52f58d85d745b3bae59
- SHA1
  
  41c4ad2fe69e8d035223df728db3a1ebdc65cbab
- SHA256
  
  7cbd8cc35b03d65491ad01b6a44b84dc047e6663189554201c24dbfbeb81473c
- SHA512
  
  1cf6fac3cd522f7a5aa0d92b83f89f21bc31bc5116bde415b1acccf9b0810048643d4ef6d77d9ffe8f8e27aa4c13000f93abbfaedec9b8269bd263b8287a2420
Score

10^/10

xloader p2a5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderrat