xloader | 2e2ff6465fbc6043dc75bc1d6d15144fcc51f7860333f208cef6ec4c098f856e | Triage

Submit
Reports

Overview

overview

Static

static

S28BW-4211...0.xlsx

windows7_x64

S28BW-4211...0.xlsx

windows10-2004_x64

4

Sharing

General

Target

S28BW-421122909390.xlsx
Size

187KB
Sample

220222-h5jq7seac2
MD5

96d83ce629445d8534e77eeb35d19c56
SHA1

7add8952900d884d16ad7ebae1b97e97f4fae534
SHA256

2e2ff6465fbc6043dc75bc1d6d15144fcc51f7860333f208cef6ec4c098f856e
SHA512

fef94f86161f7f853a98d3ae4d55263fbbae33fc5b723613b39847254e6dbb7543bc190a949539cc1e13c590893e2a8f89b47ee2b188874ea779f51b7b1cd41c

Score

10^/10

xloader p2a5 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

S28BW-421122909390.xlsx

Resource

win7-en-20211208

xloader p2a5 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

S28BW-421122909390.xlsx

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

trc-clicks.com

negc-inc.com

knightfy.com

rentalsinkendall.com

semikron1688.com

755xy.xyz

primespot-shop.com

securetravel.group

luxehairbyjen.com

augpropertygroup.com

xinlishiqiaoqiao.xyz

naggingvmkqmn.online

pynch2.com

awarco.net

booyademy.com

244.house

574761.com

haoshanzhai.com

dubaiforlife.com

acidiccatlsd.com

amotekuntv.com

runfreeco.com

iamaka.net

599-63rdstreet.com

cakeshares.com

evengl.com

joinlever.com

cyberaised.online

genrage.com

walterjliveharder.com

northbayavs.com

spajoo.com

ypkp-com37qq.com

dautucamlam.com

installslostp.xyz

bisbenefits.solutions

espchange.com

exteches.com

utilitytrace.com

468max.com

835391.com

shoptomst.com

pingerton.online

avpxshnibd.mobi

cupboarddi.com

Targets

- Target
  
  S28BW-421122909390.xlsx
- Size
  
  187KB
- MD5
  
  96d83ce629445d8534e77eeb35d19c56
- SHA1
  
  7add8952900d884d16ad7ebae1b97e97f4fae534
- SHA256
  
  2e2ff6465fbc6043dc75bc1d6d15144fcc51f7860333f208cef6ec4c098f856e
- SHA512
  
  fef94f86161f7f853a98d3ae4d55263fbbae33fc5b723613b39847254e6dbb7543bc190a949539cc1e13c590893e2a8f89b47ee2b188874ea779f51b7b1cd41c
Score

10^/10

xloader p2a5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderrat

behavioral2

© 2018-2024

Terms | Privacy