xloader | 0d5ed941ed1f15a168cdd5be0abc6b9a0806ae42c267f7eb5ca35f5697fdf346 | Triage

Submit
Reports

Overview

overview

Static

static

Quotation ...g.xlsx

windows7_x64

Quotation ...g.xlsx

windows10_x64

1

Sharing

General

Target

Quotation Zhejiang.xlsx
Size

2.5MB
Sample

210408-twsk5x81kx
MD5

a783de23277908ff94909e76e010e774
SHA1

1439eb6b441bbe2723cb05829011a9fd415caafb
SHA256

0d5ed941ed1f15a168cdd5be0abc6b9a0806ae42c267f7eb5ca35f5697fdf346
SHA512

7d31e27c69bad458c21bd8775970645c0b257b2e8e0e592b1b40bd79725544d98643ae96d51a4322dcc88f749522d245ac9821238b8421c63a3a7715ef7bac85

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

Quotation Zhejiang.xlsx

Resource

win7v20201028

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation Zhejiang.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.stone-master.info/aqu2/

Decoy

thesixteenthround.net

nagoyadoori.xyz

bipv.company

imaginus-posters.com

heliumhubs.com

baohood.com

thesahwfam.com

susanlevinedesign.com

pdxcontracttracer.com

shopathamiltons.com

qcmax.com

didongthongminh.store

igotbacon.com

5915599.com

seacrestonsietakey.com

bumiflowers.com

arcax.info

lfhis.com

mlqconsultores.com

duilian2013.com

pmrack.com

zayo.today

latiina.space

fitandfierceathletics.com

printerpartsuk.com

xn--2021-kmd.com

shujahumayun.com

younitygroup.com

serinelab.com

infinapisoft.com

administrativoinform.photos

all4mortuary.com

annaschenck.xyz

christlicheliebe.net

starr2021.com

familierafting-aktiviteter.com

thunderoffroadresort.com

mex33.info

serversexposed.com

chronicbodypaintherapy.com

billionaireblinggg.com

permanentmarkertattoo.com

albestfab.com

biehnrecords.com

yesonmeasurec.vote

bootstrapexpress.com

howtopreventwaterpollution.com

fatlosszone4u.com

hostvngiare.com

dottproject.com

appgusher.com

playfulpainters.com

gab.expert

18598853855.com

bizcebozca.com

bedpee.com

militaryhistorytv.com

teluguc.net

420vaca.com

ritarkomondal.com

autobrehna.com

happlyending.com

arcticblastairheat.com

urbanladder.info

Targets

- Target
  
  Quotation Zhejiang.xlsx
- Size
  
  2.5MB
- MD5
  
  a783de23277908ff94909e76e010e774
- SHA1
  
  1439eb6b441bbe2723cb05829011a9fd415caafb
- SHA256
  
  0d5ed941ed1f15a168cdd5be0abc6b9a0806ae42c267f7eb5ca35f5697fdf346
- SHA512
  
  7d31e27c69bad458c21bd8775970645c0b257b2e8e0e592b1b40bd79725544d98643ae96d51a4322dcc88f749522d245ac9821238b8421c63a3a7715ef7bac85
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy