xloader | 119185f4a52970a65f9c4c893341594eb33f117bc42afe9297da34365960b22d | Triage

Submit
Reports

Overview

overview

Static

static

0077 (21-2...D.xlsx

windows7_x64

0077 (21-2...D.xlsx

windows10-2004_x64

4

Sharing

General

Target

0077 (21-22) PERFORMA INVOICE AND SALE CONTRACT REVISED.xlsx
Size

187KB
Sample

220209-r8sb7aafd2
MD5

6bb6abca3b7735d56f66f5078151a213
SHA1

f513bb85a9d5d38f8026343fdb8a69ecd7376bc9
SHA256

119185f4a52970a65f9c4c893341594eb33f117bc42afe9297da34365960b22d
SHA512

d732f8ea16ae73c2937db98cb4a4a422c1fdbdbed164ed2319f4a034d55b5ae830e23d8ff4a188b5e46597fab38aa38b619796234d708bea4940d64a786bce10

Score

10^/10

xloader p2a5 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

0077 (21-22) PERFORMA INVOICE AND SALE CONTRACT REVISED.xlsx

Resource

win7-en-20211208

xloader p2a5 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0077 (21-22) PERFORMA INVOICE AND SALE CONTRACT REVISED.xlsx

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

trc-clicks.com

negc-inc.com

knightfy.com

rentalsinkendall.com

semikron1688.com

755xy.xyz

primespot-shop.com

securetravel.group

luxehairbyjen.com

augpropertygroup.com

xinlishiqiaoqiao.xyz

naggingvmkqmn.online

pynch2.com

awarco.net

booyademy.com

244.house

574761.com

haoshanzhai.com

dubaiforlife.com

acidiccatlsd.com

amotekuntv.com

runfreeco.com

iamaka.net

599-63rdstreet.com

cakeshares.com

evengl.com

joinlever.com

cyberaised.online

genrage.com

walterjliveharder.com

northbayavs.com

spajoo.com

ypkp-com37qq.com

dautucamlam.com

installslostp.xyz

bisbenefits.solutions

espchange.com

exteches.com

utilitytrace.com

468max.com

835391.com

shoptomst.com

pingerton.online

avpxshnibd.mobi

cupboarddi.com

Targets

- Target
  
  0077 (21-22) PERFORMA INVOICE AND SALE CONTRACT REVISED.xlsx
- Size
  
  187KB
- MD5
  
  6bb6abca3b7735d56f66f5078151a213
- SHA1
  
  f513bb85a9d5d38f8026343fdb8a69ecd7376bc9
- SHA256
  
  119185f4a52970a65f9c4c893341594eb33f117bc42afe9297da34365960b22d
- SHA512
  
  d732f8ea16ae73c2937db98cb4a4a422c1fdbdbed164ed2319f4a034d55b5ae830e23d8ff4a188b5e46597fab38aa38b619796234d708bea4940d64a786bce10
Score

10^/10

xloader p2a5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderrat

behavioral2

© 2018-2024

Terms | Privacy