xloader | 7a1e447f7534a388da24abdb7187757d8db1402edc08b3d74bb763cd0a18f86e | Triage

Sharing

General

Target

new order 18190001.xlsx
Size

1.2MB
Sample

210819-l311t4zpbx
MD5

727cef81cf0948f6d8ed9a1308cf4ff0
SHA1

4f7c6fa08eba471217c7775f55e6d258cddbe2aa
SHA256

7a1e447f7534a388da24abdb7187757d8db1402edc08b3d74bb763cd0a18f86e
SHA512

5882592d9a29d6fba033dd9bbbb58779e31250f007dc742b5a17b150434767395bb397fac765a2f62b935443578243490069bd2b450d353c1191972f55772a72

Score

10^/10

xloader ahdu loader rat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ahdu

C2

http://www.casinoregio.com/ahdu/

Decoy

premiumfreebie.com

spintheblackestcircles.com

okaidoku-shop.net

zonaseguradregistropremios.com

wzocflfow.com

maanyah.com

warrioredjuan.com

uniquelypizza.com

wondertreehr.com

ddriiverzautozs.com

mattenterline.com

urenium.com

salonjedibreakthrough.com

imgkurd.com

pierrejacqueslyon.com

quimicasurandina.com

jkpfukgmt.icu

ansariclinic.com

ashleysema.design

arkadiafoliage.com

Targets

- Target
  
  new order 18190001.xlsx
- Size
  
  1.2MB
- MD5
  
  727cef81cf0948f6d8ed9a1308cf4ff0
- SHA1
  
  4f7c6fa08eba471217c7775f55e6d258cddbe2aa
- SHA256
  
  7a1e447f7534a388da24abdb7187757d8db1402edc08b3d74bb763cd0a18f86e
- SHA512
  
  5882592d9a29d6fba033dd9bbbb58779e31250f007dc742b5a17b150434767395bb397fac765a2f62b935443578243490069bd2b450d353c1191972f55772a72
Score

10^/10

xloader ahdu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderahduloaderrat

behavioral2