xloader | 1256f793afb38cb63438acdbb6e1e3646eb66d4ecd1c4fe79178702e43311c94 | Triage

Submit
Reports

Overview

overview

Static

static

DocNo23000...__.rtf

windows7_x64

DocNo23000...__.rtf

windows10_x64

1

Sharing

General

Target

DocNo2300058329.doc__.rtf
Size

316KB
Sample

210502-6mglz9xjns
MD5

5e37b9c3ab14d8c2349506fa6be2de0d
SHA1

1e5777efbbe88c9f92ec0438eb07d9b7c92ea43d
SHA256

1256f793afb38cb63438acdbb6e1e3646eb66d4ecd1c4fe79178702e43311c94
SHA512

2eb029a1e719a5312084d0ead75af3276a9bab55a112f71df820fd4f681cdfda7eeabdc8ca1cd124e7c5381b5104bf712117fcf1ca6f4dacc6379970241cddca

Score

10^/10

xloader loader rat

Static task

static1

Behavioral task

behavioral1

Sample

DocNo2300058329.doc__.rtf

Resource

win7v20210410

xloader loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DocNo2300058329.doc__.rtf

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.jqjdgw.com/ued5/

Decoy

italiancosmeticbeauty.com

zhima7.com

phresheffect.com

comp-savvy.net

xjhtcaum.com

copperbrassgermkey.com

smero.financial

opticsoptimum.com

pisanosportpraxis.com

pediatricfeedrates.com

binsogleam.com

sarahseatter.com

wywatershed.com

smellyhomeshop.com

naviorchidlife.com

cunerier.com

thecornercomputers.com

brightwoodcollection.com

taxprep-repsolutions.net

phukien4u.net

crezcayemprenda.com

terrasroraima.com

vinkot.com

endthefatblogs.com

nwmicrobefreesolutions.com

chandlerguo.com

pacificedgesunglasses.com

hurrygift.com

felocacasa.com

zoom-sides.com

dovesprinklers.com

caravaggioclothing.com

renchengjixie.com

hfctzdsns.club

sukaa.tech

gurukulmitra.com

thedailyprocrastinator.com

xinxiu.store

woodlanddentalcarefl.com

pyperpay.com

fabularo.com

tvdajiang14.com

ihatesammamish.com

bbluebelttvwdbuy.com

replenish-skin.com

qf577.com

freemoneyfornursingschool.com

lpida.com

schmelzens.com

exuberantemodafeminina.com

babylandclothing.com

designer-dropship.com

sbeconlineacademy.com

homeandcabinwoodsigns.com

cqxiangcida.com

806queen.com

metropolisgrowlers.com

easycremationserviceusa.com

greenpis0n.com

vagasportal.com

hargsgroup.com

hyrerecruiting.com

carlsonwagonlit.sucks

beischabig.com

Targets

- Target
  
  DocNo2300058329.doc__.rtf
- Size
  
  316KB
- MD5
  
  5e37b9c3ab14d8c2349506fa6be2de0d
- SHA1
  
  1e5777efbbe88c9f92ec0438eb07d9b7c92ea43d
- SHA256
  
  1256f793afb38cb63438acdbb6e1e3646eb66d4ecd1c4fe79178702e43311c94
- SHA512
  
  2eb029a1e719a5312084d0ead75af3276a9bab55a112f71df820fd4f681cdfda7eeabdc8ca1cd124e7c5381b5104bf712117fcf1ca6f4dacc6379970241cddca
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2

© 2018-2024

Terms | Privacy