xloader | ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70 | Triage

Sharing

General

Target

ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70
Size

714KB
Sample

220514-qng52scbgm
MD5

f7ecd12d134aaf3541396c78337ce672
SHA1

bb41a84d4f5eef537e41cf4bde375c99bff86a04
SHA256

ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70
SHA512

ef70eb852b370e5f29ca4d27584a3faad34a629c857e135f434b21e483c24fc813fe97fff77eb73dae428fd3e97fb82c3564eae03a18d8bfd0f1a71ba3c9f77a

Score

10^/10

xloader n6g4 loader rat

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

n6g4

Decoy

bw589jumpb.xyz

lojas-marias.com

gadgersvip.com

zeavd.com

moment4miracles.com

wildcanetours.com

executivetravelandlogistics.com

uspplongee.com

schilova.online

smoothie-optics.com

masterima.net

kickball.site

theastralark.com

nick-sylvestro.com

properscooter.com

wave-thermodynamics.com

bitcollide.com

xed5555.com

tsue-sangyo.com

lucianaejoaoalberto.com

Targets

- Target
  
  ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70
- Size
  
  714KB
- MD5
  
  f7ecd12d134aaf3541396c78337ce672
- SHA1
  
  bb41a84d4f5eef537e41cf4bde375c99bff86a04
- SHA256
  
  ec2f5710fdf33c7b843829ebd9f088b15141b643b4354dd92d39b6e290ceca70
- SHA512
  
  ef70eb852b370e5f29ca4d27584a3faad34a629c857e135f434b21e483c24fc813fe97fff77eb73dae428fd3e97fb82c3564eae03a18d8bfd0f1a71ba3c9f77a
Score

10^/10

xloader n6g4 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloadern6g4loaderrat