xloader | fdf00af2636a0e8756bb4f8eece1dfe360127c96030ce3f4bbb1484909333de0 | Triage

Sharing

General

Target

PURCHASE ORDER 5112101.xlsx
Size

1.4MB
Sample

210511-xlwzkhl5ps
MD5

5c28a20ff81428e4038d11a4eca86729
SHA1

8dd4efc4906f1227589515da1ce37f1a12f09e37
SHA256

fdf00af2636a0e8756bb4f8eece1dfe360127c96030ce3f4bbb1484909333de0
SHA512

ff727aab96c571b44d280b02b08bbe795d2623afd27982c7a3df2fb5c2b0d1edf7b84a8b69f365776e442cf58099beab879da532136fd7fd24033d7b7ee909e5

Score

10^/10

xloader loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.drpratimakanade.com/bucw/

Decoy

cypresscommonsmesa.com

xunzetec.com

remotelearningteaching.com

leftofcrypto.com

netoscarlocadora.com

christinahsmith.com

dentalimplantsrulerun.info

lovelutionsolutions.com

incintlservicesus.com

elktcg.com

spahnmovieranch.com

deaf-noise.xyz

shopanilora.com

mianmozx.com

brlnathletics.com

cornishway.com

landscapingdracut.com

herusageseesee.com

funimationapp.com

jflowllc.com

Targets

- Target
  
  PURCHASE ORDER 5112101.xlsx
- Size
  
  1.4MB
- MD5
  
  5c28a20ff81428e4038d11a4eca86729
- SHA1
  
  8dd4efc4906f1227589515da1ce37f1a12f09e37
- SHA256
  
  fdf00af2636a0e8756bb4f8eece1dfe360127c96030ce3f4bbb1484909333de0
- SHA512
  
  ff727aab96c571b44d280b02b08bbe795d2623afd27982c7a3df2fb5c2b0d1edf7b84a8b69f365776e442cf58099beab879da532136fd7fd24033d7b7ee909e5
Score

10^/10

xloader loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderloaderrat

behavioral2