Overview

overview

10

Static

static

DYANAMIC Inquiry.xlsx

windows7_x64

10

DYANAMIC Inquiry.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DYANAMIC Inquiry.xlsx

  • Size

    2.7MB

  • Sample

    210408-tx6zpj5496

  • MD5

    7590f977659a5cd174b0000a2530cd34

  • SHA1

    969712afc83281312fbffacf8d3d4244635051c4

  • SHA256

    df2d5a069d3e4a4516b14d6a64f6ec16e433cf883556ae1429d1e35c65ffe65f

  • SHA512

    685f5dff7bc6742c037cb202c85a2c466d6c8ceeaf725d2e5639278ee24688697c278db7bc97bd4527ea0371f89ddd7e6c7e5271ee293333eb0ffa22c3703d03

Score
10/10
xloaderloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.adultpeace.com/p2io/

Decoy

essentiallyourscandles.com

cleanxcare.com

bigplatesmallwallet.com

iotcloud.technology

dmgt4m2g8y2uh.net

malcorinmobiliaria.com

thriveglucose.com

fuhaitongxin.com

magetu.info

pyithuhluttaw.net

myfavbutik.com

xzklrhy.com

anewdistraction.com

mercuryaid.net

thesoulrevitalist.com

swayam-moj.com

liminaltechnology.com

lucytime.com

alfenas.info

carmelodesign.com

Targets

    • Target

      DYANAMIC Inquiry.xlsx

    • Size

      2.7MB

    • MD5

      7590f977659a5cd174b0000a2530cd34

    • SHA1

      969712afc83281312fbffacf8d3d4244635051c4

    • SHA256

      df2d5a069d3e4a4516b14d6a64f6ec16e433cf883556ae1429d1e35c65ffe65f

    • SHA512

      685f5dff7bc6742c037cb202c85a2c466d6c8ceeaf725d2e5639278ee24688697c278db7bc97bd4527ea0371f89ddd7e6c7e5271ee293333eb0ffa22c3703d03

    Score
    10/10
    xloaderloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks