xloader | ce11e96fe93545cd9d381c440d7e172eebfe7c0e177c6485216313b144c415a3 | Triage

Submit
Reports

Overview

overview

Static

static

Shipping D...s.xlsx

windows7_x64

Shipping D...s.xlsx

windows10_x64

1

Sharing

General

Target

Shipping Documents.xlsx
Size

2.2MB
Sample

210408-lmjy842bg6
MD5

ab599dc3956c9e72ad6187bca6d7d783
SHA1

c06939ab8436da2f3c37d0cece53837960943d19
SHA256

ce11e96fe93545cd9d381c440d7e172eebfe7c0e177c6485216313b144c415a3
SHA512

a28926991314329da86c8e76caeb0793c1f495733fdd5d61347eba55e0e65cdea3a9a02c23d0f912c86429228ab0eef9e010f8cd64dfbccacd5bc7f234d86cb2

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

Shipping Documents.xlsx

Resource

win7v20201028

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipping Documents.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.autotrafficbot.com/evpn/

Decoy

memoriesmade-l.com

babypowah.com

usinggroovefunnels.com

qapjv.com

kp031.com

kinfet.com

markmalls.com

keithforemandesigns.com

fydia.com

jesussaysalllivesmatter.com

sarachavesportela.com

standerup.com

monthlywifi.com

productsoffholland.com

newbieadvice.com

globalnetworkautomation.com

theholisticbirthco.com

physicalrobot.com

thesouthernhomesellers.com

teamcounteract.com

icomplementi.com

jsmsheetmetal.com

jcernadas.com

del-tekzen.com

alekseeva-center.info

arunkapur.com

gregismyrealestateagent.com

soalfintech.com

notrecondourbania.com

alum2alum.network

gototaku.com

moneymakeideas.com

dbdcontractlngllc.com

tor-one.com

walgreenlitigation.com

votestephaniezarb.com

washathome.club

zhuledao.com

sonyjewls.com

oncologyacademe.com

kuppers.info

cgpizza.net

glgshopbd.com

dodson4tulare.com

mishtifarmers.com

a1-2c.com

oligan-gs.com

countrysidehomeinvestors.com

bpro.swiss

fodiyo.com

playelementsgame.com

melhorquesantander.com

jamessicilia.com

abundancewithmelissaharvey.com

vatandoost.com

curiosityisthecurebook.com

o8y8.com

de-knutselkeet.com

advisorsonecall.com

homerangeopen.com

brusselsdesignproject.com

0449888.com

psychicsjaneholden.com

b-sphere.com

Targets

- Target
  
  Shipping Documents.xlsx
- Size
  
  2.2MB
- MD5
  
  ab599dc3956c9e72ad6187bca6d7d783
- SHA1
  
  c06939ab8436da2f3c37d0cece53837960943d19
- SHA256
  
  ce11e96fe93545cd9d381c440d7e172eebfe7c0e177c6485216313b144c415a3
- SHA512
  
  a28926991314329da86c8e76caeb0793c1f495733fdd5d61347eba55e0e65cdea3a9a02c23d0f912c86429228ab0eef9e010f8cd64dfbccacd5bc7f234d86cb2
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy