xloader | 03e7588bbb5ace7f22485dee84bf149aa8129504b19b3727bf24ae8b1afd506c | Triage

Submit
Reports

Overview

overview

Static

static

8

Copia_de_p...3.xlsm

windows7_x64

Copia_de_p...3.xlsm

windows10_x64

Sharing

General

Target

Copia_de_pago_12_03.xlsm
Size

197KB
Sample

210312-5d3mrbpb6s
MD5

b5192b8607edf0e0d159f5510576cf24
SHA1

ea830c1f6a158b362cdfd7a1c9ac250efe2143bf
SHA256

03e7588bbb5ace7f22485dee84bf149aa8129504b19b3727bf24ae8b1afd506c
SHA512

3d5548ddb32670faf5df4a5a74c8c766268990c9cd4edafe41b739f352beb0c9927b89abefdc248a65f1f224622d8681d6ba85468331831ca7e0a519e642b4c4

Score

10^/10

xloader loader macro rat

Static task

static1

Behavioral task

behavioral1

Sample

Copia_de_pago_12_03.xlsm

Resource

win7v20201028

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Copia_de_pago_12_03.xlsm

Resource

win10v20201028

xloader loader rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

C2

http://www.basiclablife.com/8zdn/

Decoy

yourherogarden.net

onlineharambee.net

cerrajeriaurgencias24horas.com

distritoforex.com

verifyclientserverssr.com

dandwg.com

co2-zero.global

joshssl.com

meckwt.com

theammf.com

rawclectic.com

gzgnetwork.com

richmondavenuecoc.com

nicolelyte.com

thetinyclosetboutique.com

llt-group.net

seven-sky-design.com

joganifinancialgrp.com

elementsvapes.com

bingent.info

quaichshop.net

unethicalsgsblaw.com

matts.digital

lexafit.com

covidwanderings.com

pk972.com

fanashaadivine.com

winharadesigns.com

adosignite.com

goldengatesimmigration.com

unazampanelcuore.com

gasexecutive.com

sdps365.net

worthingtonminnesota.com

ducatsupply.com

beijinghui1.icu

hn-bet.com

homeforsalesteamboat.com

tiaozaoxinlingshou.net

mrbils.net

depuitycollector.com

winningovereating.com

usedonlyrvs.com

verbinoz.com

threepocketmedia.com

lizbing.com

fivestardogfoods.com

edevercal.net

irisettelment.com

beautyphernalia.com

terrawindglobalprotection.net

floridaindian.com

kidzistore.com

kulisbet117.com

logingatech.info

ftdk.net

lawwise.legal

bruthawar.com

lemonpublishing.com

6781529.com

zfxsotc.com

shroomsdrop.com

ahm-app.com

finesilversmith.com

Targets

- Target
  
  Copia_de_pago_12_03.xlsm
- Size
  
  197KB
- MD5
  
  b5192b8607edf0e0d159f5510576cf24
- SHA1
  
  ea830c1f6a158b362cdfd7a1c9ac250efe2143bf
- SHA256
  
  03e7588bbb5ace7f22485dee84bf149aa8129504b19b3727bf24ae8b1afd506c
- SHA512
  
  3d5548ddb32670faf5df4a5a74c8c766268990c9cd4edafe41b739f352beb0c9927b89abefdc248a65f1f224622d8681d6ba85468331831ca7e0a519e642b4c4
Score

10^/10

xloader loader rat
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

xloaderloaderrat

© 2018-2024

Terms | Privacy