xloader | 456ca33de7c167dfc6964c7862a89cfac7ef8e6228756f0c1c3b85fcaea0dd6f | Triage

Submit
Reports

Overview

overview

Static

static

S28BW-4211...0.xlsx

windows7_x64

S28BW-4211...0.xlsx

windows10-2004_x64

1

Sharing

General

Target

S28BW-421122909390.xlsx
Size

186KB
Sample

220223-l6tjkshff2
MD5

50d0fd4846a8e72a6b4f59f0f3df86d1
SHA1

b7dba6c5817183a7db693e1fe7d799a9d86b9126
SHA256

456ca33de7c167dfc6964c7862a89cfac7ef8e6228756f0c1c3b85fcaea0dd6f
SHA512

71c9a90ecc211bd6137e025f455e70adf94290da30887a7f395e3603280652ad558276019d1c3799a74c41a30020bcc501108aa59a3f356e072ab601048d9358

Score

10^/10

xloader p2a5 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

S28BW-421122909390.xlsx

Resource

win7-en-20211208

xloader p2a5 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

S28BW-421122909390.xlsx

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

trc-clicks.com

negc-inc.com

knightfy.com

rentalsinkendall.com

semikron1688.com

755xy.xyz

primespot-shop.com

securetravel.group

luxehairbyjen.com

augpropertygroup.com

xinlishiqiaoqiao.xyz

naggingvmkqmn.online

pynch2.com

awarco.net

booyademy.com

244.house

574761.com

haoshanzhai.com

dubaiforlife.com

acidiccatlsd.com

amotekuntv.com

runfreeco.com

iamaka.net

599-63rdstreet.com

cakeshares.com

evengl.com

joinlever.com

cyberaised.online

genrage.com

walterjliveharder.com

northbayavs.com

spajoo.com

ypkp-com37qq.com

dautucamlam.com

installslostp.xyz

bisbenefits.solutions

espchange.com

exteches.com

utilitytrace.com

468max.com

835391.com

shoptomst.com

pingerton.online

avpxshnibd.mobi

cupboarddi.com

Targets

- Target
  
  S28BW-421122909390.xlsx
- Size
  
  186KB
- MD5
  
  50d0fd4846a8e72a6b4f59f0f3df86d1
- SHA1
  
  b7dba6c5817183a7db693e1fe7d799a9d86b9126
- SHA256
  
  456ca33de7c167dfc6964c7862a89cfac7ef8e6228756f0c1c3b85fcaea0dd6f
- SHA512
  
  71c9a90ecc211bd6137e025f455e70adf94290da30887a7f395e3603280652ad558276019d1c3799a74c41a30020bcc501108aa59a3f356e072ab601048d9358
Score

10^/10

xloader p2a5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderrat

behavioral2

© 2018-2024

Terms | Privacy