xloader | 3c9280552a4129fdf884414b080c80d5ffc72403079d7a5292e9b09d832ab37d | Triage

Submit
Reports

Overview

overview

Static

static

P.O-5433ERE.doc

windows7_x64

P.O-5433ERE.doc

windows10_x64

1

Sharing

General

Target

P.O-5433ERE.doc
Size

21KB
Sample

211125-vf983sbbh2
MD5

17ca06000e92058f0d43259b2683537c
SHA1

db453e5125310d209fe04fb0211677d79d25f3ee
SHA256

3c9280552a4129fdf884414b080c80d5ffc72403079d7a5292e9b09d832ab37d
SHA512

3e05cc9f7284eb7a1d6756380882b0b1b2d89ce42b887e6c28c49342a9ce61157392997f7bdd96add1fbeefe3ea2ce07c14e8b1e6b245488a2c248d0b8e51148

Score

10^/10

xloader op9t loader rat

Static task

static1

Behavioral task

behavioral1

Sample

P.O-5433ERE.doc

Resource

win7-en-20211104

xloader op9t loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

P.O-5433ERE.doc

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

op9t

C2

http://www.fcusd4.com/op9t/

Decoy

tzjwt261888.com

top10iecasinos.com

nurotag.com

controlparental24.com

truenettnpasumo1.xyz

finsits.com

publicfigure.skin

natalispharma.com

brixbol.com

bal.group

perfectinteractivemedia.com

fascialboost.com

jgcpfb120.com

grizzlysolutionsllc.net

wearegardenersusa.com

rjsarka.com

shintoku-gsfarm.com

1oavyx.com

volunteervabetweenk.com

tdshawn.com

bandhancustomer.com

amyzingskin.com

sorbetsa.com

eadbrasil.club

directnaukri.com

alltheheads.com

elbbinandnibble.online

kaizenswinger.com

kimberleydawnwallace.com

zscyyds.xyz

ecranthermique.com

mystitched.com

shophallows.com

cachondearais.xyz

flavatdvb.quest

christendombiblecollege.com

affordalbehousing.com

engro-connect.com

lorticepttoyof2.xyz

kingslot.bet

wiseriq.com

emmaraducanu.tennis

xn--seebhnegrlitz-pmb9f.com

perfectstudio.net

thenewera.icu

com104940689794.icu

imaginative-coaching.com

campdiscount.info

waggledance.net

excellglobus.com

fssqyd.com

yalesi.net

aoliutech.com

replenish.place

nityammed.com

stanislauscountyedu.info

029saxjy.com

lttcp089.com

texaszephyr.com

sloanlakecomedy.com

axonlang.com

bhutaan.com

sevensummitclimbing.com

wolfenhawk.com

Targets

- Target
  
  P.O-5433ERE.doc
- Size
  
  21KB
- MD5
  
  17ca06000e92058f0d43259b2683537c
- SHA1
  
  db453e5125310d209fe04fb0211677d79d25f3ee
- SHA256
  
  3c9280552a4129fdf884414b080c80d5ffc72403079d7a5292e9b09d832ab37d
- SHA512
  
  3e05cc9f7284eb7a1d6756380882b0b1b2d89ce42b887e6c28c49342a9ce61157392997f7bdd96add1fbeefe3ea2ce07c14e8b1e6b245488a2c248d0b8e51148
Score

10^/10

xloader op9t loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderop9tloaderrat

behavioral2

© 2018-2024

Terms | Privacy