xloader | 0944f78b8f2bd0e3a08c56793f90cc82ac064789018cf04a2fde5476055d1214 | Triage

Submit
Reports

Overview

overview

Static

static

inquiry10204168.xlsx

windows7_x64

inquiry10204168.xlsx

windows10_x64

1

Sharing

General

Target

inquiry10204168.xlsx
Size

2.4MB
Sample

210305-h1dkceqq4n
MD5

d21391378bff7acab49dfce8761978f1
SHA1

c4a02857537b6b300f7ad279a6fe5660a473bda2
SHA256

0944f78b8f2bd0e3a08c56793f90cc82ac064789018cf04a2fde5476055d1214
SHA512

b2d7100141d27f01f3bf369a41b143350f94d01cb923995edd028d0c148e6b97660164f8d9b610cecde22d28db1dccc979f5942adc3bbd65f3d41e5396c08edb

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

inquiry10204168.xlsx

Resource

win7v20201028

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

inquiry10204168.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

C2

http://www.856380692.xyz/nsag/

Decoy

usopencoverage.com

5bo5j.com

deliveryourvote.com

bestbuycarpethd.com

worldsourcecloud.com

glowtheblog.com

translations.tools

ithacapella.com

machinerysubway.com

aashlokhospitals.com

athara-kiano.com

anabittencourt.com

hakimkhawatmi.com

fashionwatchesstore.com

krishnagiri.info

tencenttexts.com

kodairo.com

ouitum.club

robertbeauford.net

polling.asia

evoslancete.com

4676sabalkey.com

chechadskeitaro.com

babyhopeful.com

11376.xyz

oryanomer.com

jyxxfy.com

scanourworld.com

thevistadrinksco.com

meow-cafe.com

xfixpros.com

botaniquecouture.com

bkhlep.xyz

mauriciozarate.com

icepolo.com

siyezim.com

myfeezinc.com

nooshone.com

wholesalerbargains.com

winabeel.com

frankfrango.com

patientsbooking.info

ineedahealer.com

thefamilyorchard.net

clericallyco.com

overseaexpert.com

bukaino.net

womens-secrets.love

skinjunkie.site

dccheavydutydiv.net

explorerthecity.com

droneserviceshouston.com

creationsbyjamie.com

profirma-nachfolge.com

oasisbracelet.com

maurobenetti.com

mecs.club

mistressofherdivinity.com

vooronsland.com

navia.world

commagx4.info

caresring.com

yourstrivingforexcellence.com

alpinevalleytimeshares.com

Targets

- Target
  
  inquiry10204168.xlsx
- Size
  
  2.4MB
- MD5
  
  d21391378bff7acab49dfce8761978f1
- SHA1
  
  c4a02857537b6b300f7ad279a6fe5660a473bda2
- SHA256
  
  0944f78b8f2bd0e3a08c56793f90cc82ac064789018cf04a2fde5476055d1214
- SHA512
  
  b2d7100141d27f01f3bf369a41b143350f94d01cb923995edd028d0c148e6b97660164f8d9b610cecde22d28db1dccc979f5942adc3bbd65f3d41e5396c08edb
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy