xloader | 7da573f1004e4bb9c6979a6ccca45da8998deaa92dd1e318d128ff4888212536 | Triage

Submit
Reports

Overview

overview

Static

static

8

W029621.xls

windows7_x64

W029621.xls

windows10_x64

1

Sharing

General

Target

W029621.xls
Size

342KB
Sample

210420-g4p997k5qj
MD5

dcb68156748e6c71ef5df8d9dddb3ff6
SHA1

ffee33ce2a6b4523a5f7323ca00a7347b1dc986a
SHA256

7da573f1004e4bb9c6979a6ccca45da8998deaa92dd1e318d128ff4888212536
SHA512

eb24bd095799613417aaf3b0d8344af0cfce01d9700379e5e3ed7b8eff3f0d5abd3606866704a871aa0e2469b84ca24ce2416a590711329695ed0e700276186e

Score

10^/10

xloader loader macro macro_on_action persistence rat xlm

Static task

static1

macro xlm macro_on_action

Behavioral task

behavioral1

Sample

W029621.xls

Resource

win7v20210410

xloader loader persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

W029621.xls

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.preciousvessel.com/spj6/

Decoy

kdelchev.com

myriamward.com

megaconsulting.pro

sunglassesmu.com

hispanavisionct.com

bodaciousbuffy.com

chuhuu.com

jerexcursion.com

merkabahindustries.com

shaktiroommontreal.com

violet-moon-interior-design.com

pyrosunited.com

89xs.xyz

bestchatonline.com

cubiscoin.com

ianzu.com

playersresearch.com

digitalvl.com

baans-barw.com

yuria-rain.com

littletonautoparts.com

maxstratosband.com

landmarkshoes.com

windhowls.com

boonbang.com

ladylacewig.com

football-highlights.online

ampbetting.com

zuerich-orthopaedics.com

divorcequiz.com

idahooutsiders.com

adindia.online

arsenismiaris.com

cougarjack.net

dtbjx.com

streetfoodaroundtheglobe.com

laosredwood.net

northparkcampground.com

fundacjacd.com

3thaiph.com

devavara.com

artworldmag.com

filans.xyz

kuppers.info

abogusz.art

vesivietnam.com

ourforms.net

qmglg.com

unhackabledream.com

inesatwall.info

my-watch-strap.com

nedafarm.com

myonlinesericing.com

shopjrock.com

altac.pro

hodongfarm.com

alienmisttree.net

miamipopcello.com

normiecat.com

beautybar.sucks

myandroidhead.com

edevlet-giris-hizmetler.com

mamamiafoodies.com

pandagsm.com

Targets

- Target
  
  W029621.xls
- Size
  
  342KB
- MD5
  
  dcb68156748e6c71ef5df8d9dddb3ff6
- SHA1
  
  ffee33ce2a6b4523a5f7323ca00a7347b1dc986a
- SHA256
  
  7da573f1004e4bb9c6979a6ccca45da8998deaa92dd1e318d128ff4888212536
- SHA512
  
  eb24bd095799613417aaf3b0d8344af0cfce01d9700379e5e3ed7b8eff3f0d5abd3606866704a871aa0e2469b84ca24ce2416a590711329695ed0e700276186e
Score

10^/10

xloader loader persistence rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macroxlmmacro_on_action

behavioral1

xloaderloaderpersistencerat

behavioral2

© 2018-2024

Terms | Privacy