xloader | f8e5931926034fb027649ebd98867c41315b44bd05c7bb56f5f506a170162010 | Triage

Submit
Reports

Overview

overview

Static

static

TransportL...0.xlsx

windows7_x64

TransportL...0.xlsx

windows10_x64

1

Sharing

General

Target

TransportLabel_1189160070.xlsx
Size

334KB
Sample

211014-j76jesgff8
MD5

b21b088d12787311f331eac08a45cfa0
SHA1

0b4c9590dab94b7c84d788d27d8f4522395b961f
SHA256

f8e5931926034fb027649ebd98867c41315b44bd05c7bb56f5f506a170162010
SHA512

d7ecd91eb97b7a79b2346503d580fb747eff2867b7570ecac91d862bebe2922ac27d2e3c5bbb09474967164a992fa7a4a344dbf7d418e6408c7fb2813a692e20

Score

10^/10

xloader mxnu loader rat

Static task

static1

Behavioral task

behavioral1

Sample

TransportLabel_1189160070.xlsx

Resource

win7v20210408

xloader mxnu loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TransportLabel_1189160070.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mxnu

C2

http://www.naplesconciergerealty.com/mxnu/

Decoy

insightmyhome.com

gabriellamaxey.com

029atk.xyz

marshconstructions.com

technichoffghosts.com

blue-ivy-boutique-au.com

1sunsetgroup.com

elfkuhnispb.store

caoliudh.club

verifiedpaypal.net

jellyice-tr.com

gatescres.com

bloomberq.online

crystaltopagent.net

uggs-line.com

ecommerceplatform.xyz

historyofcambridge.com

sattaking-gaziabad.xyz

digisor.com

beachpawsmobilegrooming.com

whitebot.xyz

zacky6.online

qlfa8gzk8f.com

scottjasonfowler.com

influxair.com

desongli.com

xn--w7uy63f0ne2sj.com

pinup722bk.com

haohuatour.com

dharmathinkural.com

hanjyu.com

tbrhc.com

clarityflux.com

meltonandcompany.com

revgeek.com

onehigh.club

closetu.com

yama-nkok.com

brandonhistoryandinfo.com

funkidsroomdecor.com

epilasyonmerkeziankara.com

265411.com

watch12.online

dealsbonaza.com

gold2guide.art

tomclark.online

877961.com

washingtonboatrentals.com

promovart.com

megapollice.online

taquerialoteria.com

foxsontreeservice.com

safebookkeeping.com

theeducationwheel.online

sasanos.com

procurovariedades.com

normandia.pro

ingdalynnia.xyz

campusguideconsulting.com

ashramseries.com

clubcupids.art

mortgagerates.solutions

deepscanlabs.com

insulated-box.com

Targets

- Target
  
  TransportLabel_1189160070.xlsx
- Size
  
  334KB
- MD5
  
  b21b088d12787311f331eac08a45cfa0
- SHA1
  
  0b4c9590dab94b7c84d788d27d8f4522395b961f
- SHA256
  
  f8e5931926034fb027649ebd98867c41315b44bd05c7bb56f5f506a170162010
- SHA512
  
  d7ecd91eb97b7a79b2346503d580fb747eff2867b7570ecac91d862bebe2922ac27d2e3c5bbb09474967164a992fa7a4a344dbf7d418e6408c7fb2813a692e20
Score

10^/10

xloader mxnu loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadermxnuloaderrat

behavioral2

© 2018-2024

Terms | Privacy