xloader | 21f857a7997892d8c9a725f447b9b7be3ce2451a177fb6286da2deb8853208d9 | Triage

Submit
Reports

Overview

overview

Static

static

invoice.xlsx

windows7_x64

invoice.xlsx

windows10_x64

1

Sharing

General

Target

invoice.xlsx
Size

2.2MB
Sample

210408-5nr7dtc2ns
MD5

a36c4741d6a05389b3a23ff5e5201930
SHA1

aacc6bd68a6b27041ac35148de613dae5423c8a3
SHA256

21f857a7997892d8c9a725f447b9b7be3ce2451a177fb6286da2deb8853208d9
SHA512

71434a45fb41026a4e4c339f1f4daabc1fbf0fe8cc7c434da49bf5a2fc87584b8396dd51fed15e54d8ee0a9e6febbedd003cd377493610576d79e85429ce7d6a

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

invoice.xlsx

Resource

win7v20201028

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.emergencylocksmithsolutions.com/bei3/

Decoy

cananevrensigorta.com

nyayayacho.com

delta8america.com

info-age.gmbh

magetu.info

illuqon.com

bohathome.com

kellydalva.com

hinkro.com

danlanproproductions.com

skkcabed.com

masnaoto.com

sourcelibre.net

www-1360666.com

ninekimchis.com

sgxzds.com

laysflavorsicons.com

vinkle.net

anazaczarowana.com

verneil.com

moxa-pro.com

chuckkie.com

ree-construction.com

valhallavets.com

familiarealtygroup.com

bavaria-cie.com

weightlossz.net

competitionlawsarvada.legal

samegameparlays.com

sandhillspursuit.com

all-playbet.net

nyiftsuppliersday.com

carrme.com

jinggongyuan.com

nixsit.com

macropools.com

chocolatesbrasilcacau.club

sgfwholesale.net

mybodtonheart.com

raganslandscapingllc.com

fvtnywveba.club

busybeecreates.com

chapterproductions.com

creativesupporters.com

336ac.com

socialmediahomegym.com

lngboiler.com

sirdesmonddesilvaqc.com

imangine.com

daroudi.com

xrpipeline.com

zhongziciliso.com

axelrodglobal.com

warrior.green

serpempirejel.club

nattyvell.com

sy928.com

forttrek.com

travelwithlowbudget.com

arpsmaths.info

essensedesigns.events

prosperfortuna.com

thesingaporeanabroad.com

shopwithdrive.com

Targets

- Target
  
  invoice.xlsx
- Size
  
  2.2MB
- MD5
  
  a36c4741d6a05389b3a23ff5e5201930
- SHA1
  
  aacc6bd68a6b27041ac35148de613dae5423c8a3
- SHA256
  
  21f857a7997892d8c9a725f447b9b7be3ce2451a177fb6286da2deb8853208d9
- SHA512
  
  71434a45fb41026a4e4c339f1f4daabc1fbf0fe8cc7c434da49bf5a2fc87584b8396dd51fed15e54d8ee0a9e6febbedd003cd377493610576d79e85429ce7d6a
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy