xloader | 555467cb88d23529540d6d644cbd1862cf04a728d783b0f908457c073d5d5316 | Triage

Submit
Reports

Overview

overview

Static

static

ORDER -ASL...DF.doc

windows7_x64

ORDER -ASL...DF.doc

windows10_x64

1

Sharing

General

Target

ORDER -ASLF1SR00116-PDF.doc
Size

1.9MB
Sample

210727-1dpwkfw6pe
MD5

0c0b60565c79f37d0e1d15b3b2013fc4
SHA1

efcb55212302d0711069bdca97897b45f739358a
SHA256

555467cb88d23529540d6d644cbd1862cf04a728d783b0f908457c073d5d5316
SHA512

62b4b6f704798d1b9b5ebd88d2ed26ff46c86d5cc4564aab75fad18a7ed226387b923026366a82fc2d4ce8fd8d5fb82332ed4a6f85ccba351d669ea8d2fcacfa

Score

10^/10

xloader agilenet loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

ORDER -ASLF1SR00116-PDF.doc

Resource

win7v20210408

xloader agilenet loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER -ASLF1SR00116-PDF.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.yummylipz.net/b8eu/

Decoy

ppslide.com

savorysinsation.com

camilaediego2021.com

rstrunk.net

xianshikanxiyang.club

1borefruit.com

ay-danil.club

xamangxcoax.club

waltonunderwood.com

laurabissell.com

laurawmorrow.com

albamauto.net

usamlb.com

theoyays.com

freeitproject.com

jijiservice.com

ukcarpetclean.com

wc399.com

xn--pskrtmebeton-dlbc.online

exclusivemerchantsolutions.com

kkkc5.com

kakashis.club

minldsrvlceacvtlvty.net

tucantec.com

dreamlivehope.com

tayruaeco.com

wgaoutdoors.com

obersrock.com

notosickness.com

carporttube.com

customcbdgroup.com

vincentstreetdental.site

fidatosas.com

soft-drill.com

thelearningcountscompany.com

brateix.info

sexting-sites.com

wheredidmystokego.com

alorve.com

cataractmeds.com

purhenna.com

slicesystem.com

xn--v4q8fq9ps1clx5d774b.com

tuffysfight.com

dongtaykethop.cloud

thedesertwellness.com

maxridetubes.com

jungbo33.xyz

rokitrevs.com

fsoinc.com

bartelmefamily.com

greenresearch.farm

wws520.com

scoutandstellar.com

therachelfrankshow.com

rastrosomostodos.com

jqxfinance.com

escortsoslo.com

ocd-diesel.com

domainedelafrouardiere.com

9adamtech.com

omniheating.com

dpymenus.com

sellingonlineschool.com

Targets

- Target
  
  ORDER -ASLF1SR00116-PDF.doc
- Size
  
  1.9MB
- MD5
  
  0c0b60565c79f37d0e1d15b3b2013fc4
- SHA1
  
  efcb55212302d0711069bdca97897b45f739358a
- SHA256
  
  555467cb88d23529540d6d644cbd1862cf04a728d783b0f908457c073d5d5316
- SHA512
  
  62b4b6f704798d1b9b5ebd88d2ed26ff46c86d5cc4564aab75fad18a7ed226387b923026366a82fc2d4ce8fd8d5fb82332ed4a6f85ccba351d669ea8d2fcacfa
Score

10^/10

xloader agilenet loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderagilenetloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy