xloader | 6234b22b81f55ce005b34b03c6ed94273060a0d0644728753c7c1651eeebac51 | Triage

Submit
Reports

Overview

overview

Static

static

PO-SKM16204.xlsx

windows7_x64

PO-SKM16204.xlsx

windows10-2004_x64

4

Sharing

General

Target

PO-SKM16204.xlsx
Size

187KB
Sample

220217-vtsaescdc5
MD5

dce483138ae7a79d5ca283aa65b8bea7
SHA1

ae77a002fc095eb56fdb9bf30c689adfd9a29fc2
SHA256

6234b22b81f55ce005b34b03c6ed94273060a0d0644728753c7c1651eeebac51
SHA512

93bcfedc054acb142c28ce6f1f4355b50779620b79745e7e1f7bc8032b2c3585deab4a2e26690d08902ff7192c50a16ee718c32883b5fdc55e52b4592267393c

Score

10^/10

xloader ahc8 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

PO-SKM16204.xlsx

Resource

win7-en-20211208

xloader ahc8 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO-SKM16204.xlsx

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

civicinfluencers.net

gzhf8888.com

kuleallstar.com

palisadeslodgecondos.com

holyhirschsprungs.com

azalearoseuk.com

jaggllc.com

italianrofrow.xyz

ioewur.xyz

3a5hlv.icu

kitcycle.com

estate.xyz

ankaraescortvip.xyz

richclubsite2001.xyz

kastore.website

515pleasantvalleyway.com

sittlermd.com

mytemple.group

tiny-wagen.com

sharaleesvintageflames.com

mentalesteem.com

sport-newss.online

fbve.space

lovingtruebloodindallas.com

eaglehospitality.biz

roofrepairnow.info

mcrosfts-updata.digital

cimpactinc.com

greatnotleyeast.com

lovely-tics.com

douglas-enterprise.com

dayannalima.online

ksodl.com

rainbowlampro.com

theinteriorsfurniture.com

eidmueller.email

cg020.online

gta6fuzhu.com

cinemaocity.com

hopeitivity.com

savageequipment.biz

groceriesbazaar.com

hempgotas.com

casino-pharaon-play.xyz

ralfrassendnk-login.com

Targets

- Target
  
  PO-SKM16204.xlsx
- Size
  
  187KB
- MD5
  
  dce483138ae7a79d5ca283aa65b8bea7
- SHA1
  
  ae77a002fc095eb56fdb9bf30c689adfd9a29fc2
- SHA256
  
  6234b22b81f55ce005b34b03c6ed94273060a0d0644728753c7c1651eeebac51
- SHA512
  
  93bcfedc054acb142c28ce6f1f4355b50779620b79745e7e1f7bc8032b2c3585deab4a2e26690d08902ff7192c50a16ee718c32883b5fdc55e52b4592267393c
Score

10^/10

xloader ahc8 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderahc8loaderrat

behavioral2

© 2018-2024

Terms | Privacy