xloader | ee125af12f2e57274d9319559690ab1c9403ddacc9bb337e7109c189ecf64a91 | Triage

Submit
Reports

Overview

overview

Static

static

Lod4.xlsx

windows7_x64

Lod4.xlsx

windows10_x64

1

Sharing

General

Target

Lod4.xlsx
Size

186KB
Sample

220131-e1zp3sfeh8
MD5

56ef6b1e6fd2fc1dc0f874684946e22d
SHA1

933a7a76510252a38d95f66b5da8027c8e670e0d
SHA256

ee125af12f2e57274d9319559690ab1c9403ddacc9bb337e7109c189ecf64a91
SHA512

269c136ceb741510781a3cf0e08aea1004a84631712bdc890195c4f4d11cb2238c3e3338e659081aae2dc9ef43f0679e934734132467c6fef67c6ddea8383f28

Score

10^/10

xloader ndf8 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

Lod4.xlsx

Resource

win7-en-20211208

xloader ndf8 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Lod4.xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ndf8

Decoy

cantobait.com

theangularteam.com

qq2222.xyz

floridasteamclean.com

daffodilhilldesigns.com

mindfulagilecoaching.com

xbyll.com

jessicaepedro2021.net

ccssv.top

zenginbilgiler.com

partumball.com

1681890.com

schippermediaproductions.com

m2volleyballclub.com

ooiase.com

sharingtechnology.net

kiminplaka.com

usedgeartrader.com

cosyba.com

foodfriendshipandyou.com

ottolimo.com

growingyourlist.com

therealvictoriabelieves.com

juststartmessy.com

giovannahuyke.biz

conditionsapplied.com

hypadel.com

hpywk.com

safepostcourier.com

heshicn.net

perfektdesigns.com

4008238110.com

29store.xyz

frasins.com

amrittrading.com

dimaiwang.com

promtgloan.com

rosalvarodriguez.com

yiqingdh.xyz

toloache-matrix.com

homevoru.com

esatescort.xyz

onlinedictionary.cloud

smarthomesecurity.online

nikisankala.com

multizoneductlessminisplits.com

32123.space

bethesdagardensloveland.com

bestpicture-toglancetoday.info

mochicascafe.com

moneylovepig.com

envisioneyecare.net

jumbul.com

onbecomingalifecoach.com

gubosaonline.com

2636654.win

ktxloo.com

side-clicks.com

spectrumassociation.com

albatrosmed.store

drsazidalsahaf.com

applykpologistics.com

rezzo-jazzavienne.com

huachen100.net

pawastreams.com

Targets

- Target
  
  Lod4.xlsx
- Size
  
  186KB
- MD5
  
  56ef6b1e6fd2fc1dc0f874684946e22d
- SHA1
  
  933a7a76510252a38d95f66b5da8027c8e670e0d
- SHA256
  
  ee125af12f2e57274d9319559690ab1c9403ddacc9bb337e7109c189ecf64a91
- SHA512
  
  269c136ceb741510781a3cf0e08aea1004a84631712bdc890195c4f4d11cb2238c3e3338e659081aae2dc9ef43f0679e934734132467c6fef67c6ddea8383f28
Score

10^/10

xloader ndf8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderndf8loaderrat

behavioral2

© 2018-2024

Terms | Privacy