xloader | 301c7c22b62e1a034bdfe23c52e2bddf35701ae8ec20f4f25d8729eeaf533d78 | Triage

Submit
Reports

Overview

overview

Static

static

2022 Proje...l.xlsx

windows7_x64

2022 Proje...l.xlsx

windows10-2004_x64

8

Sharing

General

Target

2022 Project Proposal.xlsx
Size

187KB
Sample

220131-n471ashff2
MD5

04ac21a7f53f1272fdbeda43806427e2
SHA1

79b5696e2e262573d4523cc158f4b296fe524626
SHA256

301c7c22b62e1a034bdfe23c52e2bddf35701ae8ec20f4f25d8729eeaf533d78
SHA512

265e154b1fa3634c3ecb7b15cc0de2f7660b47cda35f87c207414f3074041f689eed96d4eab84d32bc5acc0ebc764184ef977627f440f451ac981c5d741a673f

Score

10^/10

xloader nt3f loader persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

2022 Project Proposal.xlsx

Resource

win7-en-20211208

xloader nt3f loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2022 Project Proposal.xlsx

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

elainemaxwellcoaching.com

1388xc.com

juveniscloud.com

bsauksjon.com

the-waterkooler.com

comment-changer-sa-vie.com

psmcnd.top

rhodesleadingedge.com

mccuelawfirm.com

skinnscience.club

hype-clicks.com

liaojinc.xyz

okmakers.com

ramblertour.online

wickedhunterworld.com

fit-threads.com

cookidoo.website

magentabin.com

pynch1.com

best-paper-to-know-today.info

allmight.net

monicraftsprintables.com

avataroasis.com

10dian-4.com

cozastore.net

capitalcased.com

spacezanome.xyz

feiyangmi.com

11opus.com

getinteriorsolution.com

tidyhutstore.com

amazingpomskyfamily.com

tfcvintage.com

halfanape.com

rotakb.com

martinasfood.com

the-thanks.com

mithilmehta.com

em-photo.art

primerepro.com

lankasirinspa.com

gtbaibang.com

zealandiatobacco.com

deepikatransportpackers.com

eagle-meter.com

Targets

- Target
  
  2022 Project Proposal.xlsx
- Size
  
  187KB
- MD5
  
  04ac21a7f53f1272fdbeda43806427e2
- SHA1
  
  79b5696e2e262573d4523cc158f4b296fe524626
- SHA256
  
  301c7c22b62e1a034bdfe23c52e2bddf35701ae8ec20f4f25d8729eeaf533d78
- SHA512
  
  265e154b1fa3634c3ecb7b15cc0de2f7660b47cda35f87c207414f3074041f689eed96d4eab84d32bc5acc0ebc764184ef977627f440f451ac981c5d741a673f
Score

10^/10

xloader nt3f loader rat persistence
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderrat

behavioral2

© 2018-2024

Terms | Privacy