xloader | c4cf66d4270ed0cd9203da8136221f9615b65b2e99154c349ca70edbb0b73218 | Triage

Submit
Reports

Overview

overview

Static

static

Hua Joo Su...y.xlsx

windows7_x64

Hua Joo Su...y.xlsx

windows10_x64

1

Sharing

General

Target

Hua Joo Success Industry.xlsx
Size

590KB
Sample

210920-hzlnlsfhdm
MD5

74fa450d0d5c2635b91a63fec6a6014e
SHA1

b9c4dde16c1882145f0cdf26400365f878c8608b
SHA256

c4cf66d4270ed0cd9203da8136221f9615b65b2e99154c349ca70edbb0b73218
SHA512

81779b4cb9a9d9b2deb7ca911092ce2361db9d599546ff2ffbe665f68e08c0b4347ff4265eeaba1a730fe78abe4e429dbb29734b97cc6c08560e96c10ca8130b

Score

10^/10

xloader euzn loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

Hua Joo Success Industry.xlsx

Resource

win7v20210408

xloader euzn loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Hua Joo Success Industry.xlsx

Resource

win10-en

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest

jakital.com

graywolfdesign.com

pepeavatar.com

predixlogisticscourier.com

football-transfer-news.pro

herbalmedication.xyz

esd66.com

janesgalant.quest

abcrefreshments.com

chaoxy.com

rediscoveringyouhealing.com

mcrjadr5.xyz

n4sins.com

faithful-presence.com

013yu.xyz

isystemslanka.com

newbeautydk.com

ethiopia-info.com

hgaffiliates.net

anodynemedicalmassage.com

esohgroup.com

clinicamonicabarros.com

rafathecook.com

londonescort.xyz

dreamites.com

webtiyan.com

cnnautorepair.com

soposhshop.com

aarohaninsight2021.com

arceprojects.com

mecasso.store

mirai-energy.com

barwg.com

angeescollections-shop.com

xinlishiqiaoqiao.xyz

linuxsauce.net

dirbn.com

anandiaper.xyz

blackpanther.online

livinwoodbridgefarms.com

diepraxiskommunikation.com

radiosaptshahid.com

gofieldtest.com

minxtales.com

Targets

- Target
  
  Hua Joo Success Industry.xlsx
- Size
  
  590KB
- MD5
  
  74fa450d0d5c2635b91a63fec6a6014e
- SHA1
  
  b9c4dde16c1882145f0cdf26400365f878c8608b
- SHA256
  
  c4cf66d4270ed0cd9203da8136221f9615b65b2e99154c349ca70edbb0b73218
- SHA512
  
  81779b4cb9a9d9b2deb7ca911092ce2361db9d599546ff2ffbe665f68e08c0b4347ff4265eeaba1a730fe78abe4e429dbb29734b97cc6c08560e96c10ca8130b
Score

10^/10

xloader euzn loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadereuznloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy