xloader | 2c0625d46a85f0cf4b43e08abe30cb4ea591cc0a84d9414ec21fda75bef47484 | Triage

Submit
Reports

Overview

overview

Static

static

ASIANA INV...T.xlsx

windows7_x64

ASIANA INV...T.xlsx

windows10_x64

1

Sharing

General

Target

ASIANA INV- L553 PAYMENT SWIFT.xlsx
Size

2.2MB
Sample

210304-y49c8mymn2
MD5

f0a960b15283f180e599491eb1e56be7
SHA1

0477ad566347e79c96b79cbe3bc44ae9b4edcef2
SHA256

2c0625d46a85f0cf4b43e08abe30cb4ea591cc0a84d9414ec21fda75bef47484
SHA512

3ccf50cbf107bf30dcf96a60e11ae2e177e998bd31cfa7857746f8aa69a34c79ebff837f20230235128079fcc94750ad2fe7ee03f9e1a95d09d7b2251af0ed21

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

ASIANA INV- L553 PAYMENT SWIFT.xlsx

Resource

win7v20201028

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ASIANA INV- L553 PAYMENT SWIFT.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

C2

http://www.856380692.xyz/nsag/

Decoy

usopencoverage.com

5bo5j.com

deliveryourvote.com

bestbuycarpethd.com

worldsourcecloud.com

glowtheblog.com

translations.tools

ithacapella.com

machinerysubway.com

aashlokhospitals.com

athara-kiano.com

anabittencourt.com

hakimkhawatmi.com

fashionwatchesstore.com

krishnagiri.info

tencenttexts.com

kodairo.com

ouitum.club

robertbeauford.net

polling.asia

evoslancete.com

4676sabalkey.com

chechadskeitaro.com

babyhopeful.com

11376.xyz

oryanomer.com

jyxxfy.com

scanourworld.com

thevistadrinksco.com

meow-cafe.com

xfixpros.com

botaniquecouture.com

bkhlep.xyz

mauriciozarate.com

icepolo.com

siyezim.com

myfeezinc.com

nooshone.com

wholesalerbargains.com

winabeel.com

frankfrango.com

patientsbooking.info

ineedahealer.com

thefamilyorchard.net

clericallyco.com

overseaexpert.com

bukaino.net

womens-secrets.love

skinjunkie.site

dccheavydutydiv.net

explorerthecity.com

droneserviceshouston.com

creationsbyjamie.com

profirma-nachfolge.com

oasisbracelet.com

maurobenetti.com

mecs.club

mistressofherdivinity.com

vooronsland.com

navia.world

commagx4.info

caresring.com

yourstrivingforexcellence.com

alpinevalleytimeshares.com

Targets

- Target
  
  ASIANA INV- L553 PAYMENT SWIFT.xlsx
- Size
  
  2.2MB
- MD5
  
  f0a960b15283f180e599491eb1e56be7
- SHA1
  
  0477ad566347e79c96b79cbe3bc44ae9b4edcef2
- SHA256
  
  2c0625d46a85f0cf4b43e08abe30cb4ea591cc0a84d9414ec21fda75bef47484
- SHA512
  
  3ccf50cbf107bf30dcf96a60e11ae2e177e998bd31cfa7857746f8aa69a34c79ebff837f20230235128079fcc94750ad2fe7ee03f9e1a95d09d7b2251af0ed21
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy