xloader | 5a2ba485918f8ae4dbe016d972fb1106ce28e5f4a003ab86d82c49db38c921e2 | Triage

Submit
Reports

Overview

overview

Static

static

NEW ORDER ...21.rtf

windows7_x64

NEW ORDER ...21.rtf

windows10-2004_x64

1

Sharing

General

Target

NEW ORDER FOR SUPPLY Ref PO-298721.doc
Size

9KB
Sample

220518-s7v75aebcr
MD5

999da45debe8277aa7669c3794c3e20a
SHA1

4f5d7562a57253fc3d9e08e966a446124dc73314
SHA256

5a2ba485918f8ae4dbe016d972fb1106ce28e5f4a003ab86d82c49db38c921e2
SHA512

6ac8e668cf358d4b095b610b381921e596c5fe507238108d633e42386830863e658bec07ca1e7a3e33aa18658b40a8b6db837480f5e27b7048293c9f1378b236

Score

10^/10

xloader r007 loader rat

Static task

static1

Behavioral task

behavioral1

Sample

NEW ORDER FOR SUPPLY Ref PO-298721.rtf

Resource

win7-20220414-en

xloader r007 loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NEW ORDER FOR SUPPLY Ref PO-298721.rtf

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r007

Decoy

trashpandaservice.com

mobileads.network

ascolstore.com

gelsinextra.com

bonestell.net

heitoll.xyz

ceapgis.com

mon-lapin.biz

miq-eva.com

rematedesillas.com

playingonline.xyz

hausense.quest

tnyzw.com

appsdial.com

addcolor.city

hagenoblog.com

michaelwesleyj.com

she-zain.com

lorhsems.com

karmaserena.com

avatarrooms.com

friendsofrythmia.com

hdnhwy.com

firstnightfanfiction.net

vixflow.com

b8ceex.com

generatespeed.com

vaps02.com

climate-crisis.team

saturdaynightl.com

baro-drom.com

talleyresort.com

doctruyenovergeared.com

mogli-designz.info

politiciantunnel.com

housesyrron.com

troibrown.com

go-svetovanje.com

littlebittech.com

totallyglamplans.com

primeusatv.com

leifengping.com

halalfreshdelivery.com

gumbosgeorgetown.com

alittleraeoflight.com

xn--tckybzdtby655a5tj.xyz

wgassllc.xyz

craftandcloud.com

attorneyyochum.com

cryptocourse.one

bloomintegratedwellness.com

partypirateboatrentals.com

chainmio-top.xyz

mrjsloan.com

merryutilityservices.net

zglingbishi.com

wytchbytch.com

michigansharkettes.com

gerizon.net

texcelmed.com

cafe21-3.com

freemovies123.online

ungalfresh.com

sendungs.com

iot-vn.com

Targets

- Target
  
  NEW ORDER FOR SUPPLY Ref PO-298721.doc
- Size
  
  9KB
- MD5
  
  999da45debe8277aa7669c3794c3e20a
- SHA1
  
  4f5d7562a57253fc3d9e08e966a446124dc73314
- SHA256
  
  5a2ba485918f8ae4dbe016d972fb1106ce28e5f4a003ab86d82c49db38c921e2
- SHA512
  
  6ac8e668cf358d4b095b610b381921e596c5fe507238108d633e42386830863e658bec07ca1e7a3e33aa18658b40a8b6db837480f5e27b7048293c9f1378b236
Score

10^/10

xloader r007 loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderr007loaderrat

behavioral2

© 2018-2024

Terms | Privacy