xloader | 73b3fa9d738ba7f1e520e06b4760b77d9b044a3f5e96c9e13227255875e43bfa | Triage

Sharing

General

Target

Products.xlsx
Size

446KB
Sample

210408-jmydycrh8x
MD5

aae56ba84519c7b28bba6f8240f2d169
SHA1

a90d2dcf16df76c5db19d2c48cb7148b4b675d75
SHA256

73b3fa9d738ba7f1e520e06b4760b77d9b044a3f5e96c9e13227255875e43bfa
SHA512

114b77853961ff46c52af2d38f4216f570aa5bab1b65d7b973db3725d1cebe9a68fead9e31ac54df2b41d2d3681c12886d09708481a82b1bfc13b52fc1c3395c

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.paintersdistrictcouncil.com/vu9b/

Decoy

longdoggy.net

gylvs.com

evonnemccray.com

nicemoneymaker.com

baby-schutzen.com

xgahovzm.icu

psdcompany.com

makeupjunkiewholesale.com

vz357.com

carshownet.com

forneyus.com

nfoptic.com

lampacosmetiques.com

newmandu.com

localupdate.net

theartofmajur1.com

bancosecurity.website

cabinhealthy.com

tiprent.com

lloydwellsandassociates.com

Targets

- Target
  
  Products.xlsx
- Size
  
  446KB
- MD5
  
  aae56ba84519c7b28bba6f8240f2d169
- SHA1
  
  a90d2dcf16df76c5db19d2c48cb7148b4b675d75
- SHA256
  
  73b3fa9d738ba7f1e520e06b4760b77d9b044a3f5e96c9e13227255875e43bfa
- SHA512
  
  114b77853961ff46c52af2d38f4216f570aa5bab1b65d7b973db3725d1cebe9a68fead9e31ac54df2b41d2d3681c12886d09708481a82b1bfc13b52fc1c3395c
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2