xloader | 52061b89eea6713279a56c1d0075b94c2dbda96772592271b9200c81a0941426 | Triage

Submit
Reports

Overview

overview

Static

static

ORIGINAL D...).xlsx

windows7_x64

ORIGINAL D...).xlsx

windows10-2004_x64

1

Sharing

General

Target

ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx
Size

167KB
Sample

220707-ggvywseael
MD5

427844798df6d54274eb9dbb7ccf2859
SHA1

ee430c29a1584d4ec0326b9ef244865bc9148b70
SHA256

52061b89eea6713279a56c1d0075b94c2dbda96772592271b9200c81a0941426
SHA512

69b8f81ee43e90db550463f54e01144240d768874c9f94dd782361ff8bd23517f8e9b600849d467dfc9a9d4fe11d601c8c29d8a91e87a50add681fc68f51e5dd

Score

10^/10

xloader a2es loader rat

Static task

static1

Behavioral task

behavioral1

Sample

ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx

Resource

win7-20220414-en

xloader a2es loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

a2es

Decoy

glutenfreebahrain.com

sportrid.com

js-films.com

cie-revolver.com

outsourcinginstitutebd.com

roboticsdatascience.com

tebrunk.com

needgreatwork.com

df1b8j2iwbl33n.life

voluum-training.com

cherna-roza.com

xiyouap.com

bluefiftyfoundation.com

angolettomc.com

yhcp225.com

keondredejawn.com

ifeelsilky.com

coraorganizing.com

smartmindstutorials.com

tanphucuong.info

cxy.cool

criatorioimperial.online

timelyzer.com

chounvwd.com

taxidrivertrading.com

vooyage.xyz

mbtq.financial

tmshop.ma

newexmag.com

wildblumebmd.com

faucetvddw.club

sexism.info

precisionspinecolorado.com

jmigy.com

theplayhouse88.com

theskinrevive.com

envisionexpereience.com

matuschekandcompany.com

zouyuting.com

loansbill-pay.website

albertoalaniz.space

elfstore.net

klapia.online

panxiaozhi.net

soprodutosgeniais.com

amstorex.com

tiktokrycy41.xyz

datisbrick.com

hotelnoucanguillem.com

prekkr.com

jensenko.com

spiritualteashop.com

cyberdyne.world

0xauetw0ye50f.xyz

berendsit.com

kalycollcwn.info

tonenusdt.xyz

ckhla.com

igralki.com

princesskinnymixers.com

tvmountinstallguy.com

choicegoodsshop.com

diamont-services.com

mideazhiyou.com

katescakesandcreations.com

Targets

- Target
  
  ORIGINAL DOCS (INVOICES-BL-PACKING LIST).xlsx
- Size
  
  167KB
- MD5
  
  427844798df6d54274eb9dbb7ccf2859
- SHA1
  
  ee430c29a1584d4ec0326b9ef244865bc9148b70
- SHA256
  
  52061b89eea6713279a56c1d0075b94c2dbda96772592271b9200c81a0941426
- SHA512
  
  69b8f81ee43e90db550463f54e01144240d768874c9f94dd782361ff8bd23517f8e9b600849d467dfc9a9d4fe11d601c8c29d8a91e87a50add681fc68f51e5dd
Score

10^/10

xloader a2es loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadera2esloaderrat

behavioral2

© 2018-2024

Terms | Privacy