xloader | 2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed | Triage

Submit
Reports

Overview

overview

Static

static

tmp/2fe50c...ed.xls

windows7_x64

tmp/2fe50c...ed.xls

windows10_x64

1

Sharing

General

Target

tmp/2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed.xls
Size

310KB
Sample

220111-m6k3wafcg8
MD5

95cbc1f3891ed39e56fa3196a060f94e
SHA1

ca003b9444c4eebeb468985bf53db7f7db52a4a8
SHA256

2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed
SHA512

163f3d915abdc6042c6f7c39e0b7f7adc7a79a6e7ec96908d352ac1de3292a3c59b3bf7c5be56967249ea0dbc6a8763a0c18efd269195d3d44973aec0023b57c

Score

10^/10

xloader pnug loader rat

Static task

static1

Behavioral task

behavioral1

Sample

tmp/2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed.xls

Resource

win7-en-20211208

xloader pnug loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp/2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

huzhoucs.com

asinment.com

fuchsundrudolph.com

arthurenathalia.com

globalcosmeticsstudios.com

brandrackley.com

freemanhub.one

utserver.online

fullspecter.com

wshowcase.com

airjordanshoes-retro.com

linguimatics.com

app-verlengen.icu

singpost.red

j4.claims

inoteapp.net

jrdautomotivellc.com

xn--beaupre-6xa.com

mypolicyportal.net

wdgjdhpg.com

anshulindla.com

m981070.com

vertentebike.com

claim-available.com

buyfudgybombs.com

adfnapoli.com

blackfuid.com

clambakedelivered.info

marketingworksonhold.com

xvyj.top

richardsonsfinest.com

gurimix.com

dorhop.com

mauigrowngreencoffee.net

juzytuu.xyz

pokorny.industries

floridapermitsolutions.com

right-on-target-store.com

ynaire.com

nextpar.com

disdrone.com

fruitfulvinebirth.com

africanfairytale.com

leisuresabah.com

safetyeats.asia

Targets

- Target
  
  tmp/2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed.xls
- Size
  
  310KB
- MD5
  
  95cbc1f3891ed39e56fa3196a060f94e
- SHA1
  
  ca003b9444c4eebeb468985bf53db7f7db52a4a8
- SHA256
  
  2fe50cd698c141231db5d547de06e846312bbddaa3d5e8be0e012cc61de114ed
- SHA512
  
  163f3d915abdc6042c6f7c39e0b7f7adc7a79a6e7ec96908d352ac1de3292a3c59b3bf7c5be56967249ea0dbc6a8763a0c18efd269195d3d44973aec0023b57c
Score

10^/10

xloader pnug loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderpnugloaderrat

behavioral2

© 2018-2024

Terms | Privacy