xloader | 67d398e11b6229ba7fd8895f73dc96ff99fd50a2f6c7360938e0a4eb748a18e8 | Triage

Submit
Reports

Overview

overview

Static

static

evaluation quote.docx

windows7_x64

evaluation quote.docx

windows10_x64

1

Sharing

General

Target

evaluation quote.docx
Size

10KB
Sample

210420-gelmm8395e
MD5

bd609da0d3cc74098b2e771b8fce0915
SHA1

b7058fe67f5f769995f77294975a4d8688ffa1e0
SHA256

67d398e11b6229ba7fd8895f73dc96ff99fd50a2f6c7360938e0a4eb748a18e8
SHA512

82ecf121b3f89055c633640e99ce62a09c9eab01588c79653b36347259d13a37883f46913b8a43b70ccc8753cf5255e02b4f546e22f2d93718e82007949fe1db

Score

10^/10

xloader loader rat websettings

Static task

static1

Behavioral task

behavioral1

Sample

evaluation quote.docx

Resource

win7v20210410

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

evaluation quote.docx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://23.95.122.25/-..-/......dot

Extracted

Family

xloader

Version

2.3

C2

http://www.nyclgbxyi.icu/u6nq/

Decoy

lamailefr.com

creativesword.com

mpconnextions.com

tureture-diary.net

ateamtotalcare.com

ihealthsauna.com

contex33.xyz

hotege.club

candiceco.com

southerntwistent.com

foivgohl.com

azetheelynn.art

galsmith.com

alphaquantumfunds.site

mursiony.club

ajobfit.com

resourceunits.com

metropolitanez.net

shaohuizq.com

tedbagsstore.com

hvygcj.com

anthonyfry.com

drinkjoisi.com

webgomo.com

k12paymemtcenter.com

pal-photo.net

gzlcwl.com

robertbunisrealestate.com

visitaswede.com

budo.team

goodreality1.com

kenkelconsulting.com

niuzaiapp.com

bookjoegandelman.com

deluzultravioleta.com

achievecake.com

bluehensolutions.com

findthesmartphone.com

205southsignalstojai.com

risk-neutralport.com

moongoodies.com

elevatedeventcatering.com

nubiaurquizopeluqueria.com

j2ztvwx5dz.club

csnturkiye.com

unsoldauctionproperties.com

sharkorderusa.com

apexmaintenancegroup.com

nakedlies.net

allthe-things.com

yourfaithinluck.com

seniorflying.com

downy.sucks

yocontramismostros.com

ine.expert

rockfirenola.com

vssop.xyz

xn--3bss1rzz1apulk7k.com

hearts2give.com

littlecreatorz.com

ericthelefty.com

setosahealth.com

legalopinion.guru

farneasy.com

Targets

- Target
  
  evaluation quote.docx
- Size
  
  10KB
- MD5
  
  bd609da0d3cc74098b2e771b8fce0915
- SHA1
  
  b7058fe67f5f769995f77294975a4d8688ffa1e0
- SHA256
  
  67d398e11b6229ba7fd8895f73dc96ff99fd50a2f6c7360938e0a4eb748a18e8
- SHA512
  
  82ecf121b3f89055c633640e99ce62a09c9eab01588c79653b36347259d13a37883f46913b8a43b70ccc8753cf5255e02b4f546e22f2d93718e82007949fe1db
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy