xloader | c13a3022f2212e4e16fb2147f6fd0c09ed4439a49b4313603a5e48b7b3174167 | Triage

Submit
Reports

Overview

overview

Static

static

090900 Quo...t.xlsx

windows7_x64

090900 Quo...t.xlsx

windows10_x64

1

Sharing

General

Target

090900 Quotation - Urgent.xlsx
Size

269KB
Sample

211013-hsr7tadfg8
MD5

efdb3073607b0e44e67b7436fdb70f5b
SHA1

bac5f9c3aa6e6fae7034d6a1fc9197b1090b4f0e
SHA256

c13a3022f2212e4e16fb2147f6fd0c09ed4439a49b4313603a5e48b7b3174167
SHA512

30efeeb74b2c0bec55e1d0abb8147da25f212e58b0a66a8e8d4f3c83142de43b347ffa6043399867774bb3deca446fd4de5eb1b5010d98c532cfec8fca2181ec

Score

10^/10

xloader b2c0 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

090900 Quotation - Urgent.xlsx

Resource

win7v20210408

xloader b2c0 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

090900 Quotation - Urgent.xlsx

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b2c0

C2

http://www.thesewhitevvalls.com/b2c0/

Decoy

bjyxszd520.xyz

hsvfingerprinting.com

elliotpioneer.com

bf396.com

chinaopedia.com

6233v.com

shopeuphoricapparel.com

loccssol.store

truefictionpictures.com

playstarexch.com

peruviancoffee.store

shobhajoshi.com

philme.net

avito-rules.com

independencehomecenters.com

atp-cayenne.com

invetorsbank.com

sasanos.com

scentfreebnb.com

catfuid.com

sunshinefamilysupport.com

madison-co-atty.net

newhousebr.com

newstodayupdate.com

kamalaanjna.com

itpronto.com

hi-loentertainment.com

sadpartyrentals.com

vertuminy.com

khomayphotocopy.club

roleconstructora.com

cottonhome.online

starsspell.com

bedrijfs-kledingshop.com

aydeyahouse.com

miaintervista.com

taolemix.com

lnagvv.space

bjmobi.com

collabkc.art

onayli.net

ecostainable.com

vi88.info

brightlifeprochoice.com

taoluzhibo.info

techgobble.com

ideemimarlikinsaat.com

andajzx.com

shineshaft.website

arroundworld.com

reyuzed.com

emilfaucets.com

lumberjackguitarloops.com

pearl-interior.com

altitudebc.com

cqjiubai.com

kutahyaescortbayanlarim.xyz

metalworkingadditives.online

unasolucioendesa.com

andrewfjohnston.com

visionmark.net

dxxlewis.com

carts-amazon.com

anadolu.academy

Targets

- Target
  
  090900 Quotation - Urgent.xlsx
- Size
  
  269KB
- MD5
  
  efdb3073607b0e44e67b7436fdb70f5b
- SHA1
  
  bac5f9c3aa6e6fae7034d6a1fc9197b1090b4f0e
- SHA256
  
  c13a3022f2212e4e16fb2147f6fd0c09ed4439a49b4313603a5e48b7b3174167
- SHA512
  
  30efeeb74b2c0bec55e1d0abb8147da25f212e58b0a66a8e8d4f3c83142de43b347ffa6043399867774bb3deca446fd4de5eb1b5010d98c532cfec8fca2181ec
Score

10^/10

xloader b2c0 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderb2c0loaderrat

behavioral2

© 2018-2024

Terms | Privacy