xloader | 4fccd7e86fa78a3510dc1e5bac951cfe95dfb6629536e22d0cadf00f049de500 | Triage

Submit
Reports

Overview

overview

Static

static

DUM 70-779 D.xlsx

windows7_x64

DUM 70-779 D.xlsx

windows10-2004_x64

1

Sharing

General

Target

DUM 70-779 D.xlsx
Size

186KB
Sample

220224-dj5pbsdbdm
MD5

7b9ee6d79797a5845aaddea358f7e48c
SHA1

f29b722e3560b260a3e628cc3427caff8792e8cb
SHA256

4fccd7e86fa78a3510dc1e5bac951cfe95dfb6629536e22d0cadf00f049de500
SHA512

76106377f35227621299b0da90f5286cff45cdc7bb3315506d08d411bddc2dcef3283e8a0ff731efff0f2eaeb265669d3f66f71636e80d2b1d3b2846ccc16787

Score

10^/10

xloader p2a5 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

DUM 70-779 D.xlsx

Resource

win7-20220223-en

xloader p2a5 loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DUM 70-779 D.xlsx

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

trc-clicks.com

negc-inc.com

knightfy.com

rentalsinkendall.com

semikron1688.com

755xy.xyz

primespot-shop.com

securetravel.group

luxehairbyjen.com

augpropertygroup.com

xinlishiqiaoqiao.xyz

naggingvmkqmn.online

pynch2.com

awarco.net

booyademy.com

244.house

574761.com

haoshanzhai.com

dubaiforlife.com

acidiccatlsd.com

amotekuntv.com

runfreeco.com

iamaka.net

599-63rdstreet.com

cakeshares.com

evengl.com

joinlever.com

cyberaised.online

genrage.com

walterjliveharder.com

northbayavs.com

spajoo.com

ypkp-com37qq.com

dautucamlam.com

installslostp.xyz

bisbenefits.solutions

espchange.com

exteches.com

utilitytrace.com

468max.com

835391.com

shoptomst.com

pingerton.online

avpxshnibd.mobi

cupboarddi.com

Targets

- Target
  
  DUM 70-779 D.xlsx
- Size
  
  186KB
- MD5
  
  7b9ee6d79797a5845aaddea358f7e48c
- SHA1
  
  f29b722e3560b260a3e628cc3427caff8792e8cb
- SHA256
  
  4fccd7e86fa78a3510dc1e5bac951cfe95dfb6629536e22d0cadf00f049de500
- SHA512
  
  76106377f35227621299b0da90f5286cff45cdc7bb3315506d08d411bddc2dcef3283e8a0ff731efff0f2eaeb265669d3f66f71636e80d2b1d3b2846ccc16787
Score

10^/10

xloader p2a5 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy