xloader | 30e0ddcca8b2f009fcd0d465afe04bcb6a274532ecca935c0a544efe305f10ac | Triage

Submit
Reports

Overview

overview

Static

static

BORG EL AR...8.xlsx

windows7_x64

BORG EL AR...8.xlsx

windows10-2004_x64

1

Sharing

General

Target

BORG EL ARAB _ OC 104117978.xlsx
Size

186KB
Sample

220302-vnlkpaffh4
MD5

fc8b48015d13241e10a8a39f79acb497
SHA1

9d03fee0b9d5848b3518505e3be0fac9b09af059
SHA256

30e0ddcca8b2f009fcd0d465afe04bcb6a274532ecca935c0a544efe305f10ac
SHA512

4e2c805a83b3a111482f5a0e2e518541dc6d12dd78b6cd0e7756101d0f069190debbe95704ef49ee2b421f181b2f1b7e5b3ab3c41e19e20225ec2a5473a3603f

Score

10^/10

xloader p2a5 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

BORG EL ARAB _ OC 104117978.xlsx

Resource

win7-20220223-en

xloader p2a5 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BORG EL ARAB _ OC 104117978.xlsx

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

trc-clicks.com

negc-inc.com

knightfy.com

rentalsinkendall.com

semikron1688.com

755xy.xyz

primespot-shop.com

securetravel.group

luxehairbyjen.com

augpropertygroup.com

xinlishiqiaoqiao.xyz

naggingvmkqmn.online

pynch2.com

awarco.net

booyademy.com

244.house

574761.com

haoshanzhai.com

dubaiforlife.com

acidiccatlsd.com

amotekuntv.com

runfreeco.com

iamaka.net

599-63rdstreet.com

cakeshares.com

evengl.com

joinlever.com

cyberaised.online

genrage.com

walterjliveharder.com

northbayavs.com

spajoo.com

ypkp-com37qq.com

dautucamlam.com

installslostp.xyz

bisbenefits.solutions

espchange.com

exteches.com

utilitytrace.com

468max.com

835391.com

shoptomst.com

pingerton.online

avpxshnibd.mobi

cupboarddi.com

Targets

- Target
  
  BORG EL ARAB _ OC 104117978.xlsx
- Size
  
  186KB
- MD5
  
  fc8b48015d13241e10a8a39f79acb497
- SHA1
  
  9d03fee0b9d5848b3518505e3be0fac9b09af059
- SHA256
  
  30e0ddcca8b2f009fcd0d465afe04bcb6a274532ecca935c0a544efe305f10ac
- SHA512
  
  4e2c805a83b3a111482f5a0e2e518541dc6d12dd78b6cd0e7756101d0f069190debbe95704ef49ee2b421f181b2f1b7e5b3ab3c41e19e20225ec2a5473a3603f
Score

10^/10

xloader p2a5 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderp2a5loaderrat

behavioral2

© 2018-2024

Terms | Privacy