xloader | c4d02d2a69ba8a52ee9be8727c37e5cac75a2cbd79aaf51936de99b42fe9d3e2 | Triage

Submit
Reports

Overview

overview

Static

static

Statement ...t.xlsx

windows7_x64

Statement ...t.xlsx

windows10_x64

1

Sharing

General

Target

Statement of Account.xlsx
Size

343KB
Sample

211018-jaqfyaeagp
MD5

f64b10dbacd98b43a96e5fbb6ad24c3f
SHA1

230148ed7d498f33522666a5c1ba19928da496e4
SHA256

c4d02d2a69ba8a52ee9be8727c37e5cac75a2cbd79aaf51936de99b42fe9d3e2
SHA512

79705ed1eac394c5b47d44641fd14c0bb806bfa3b5ba082ddbfbe89a7679b24da3bfa854c7c8e1b55b1ae8e8a177dcde19b1d394e3dea2b28ff4abed92789f70

Score

10^/10

xloader mxnu loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

Statement of Account.xlsx

Resource

win7-en-20210920

xloader mxnu loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Statement of Account.xlsx

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mxnu

C2

http://www.naplesconciergerealty.com/mxnu/

Decoy

insightmyhome.com

gabriellamaxey.com

029atk.xyz

marshconstructions.com

technichoffghosts.com

blue-ivy-boutique-au.com

1sunsetgroup.com

elfkuhnispb.store

caoliudh.club

verifiedpaypal.net

jellyice-tr.com

gatescres.com

bloomberq.online

crystaltopagent.net

uggs-line.com

ecommerceplatform.xyz

historyofcambridge.com

sattaking-gaziabad.xyz

digisor.com

beachpawsmobilegrooming.com

whitebot.xyz

zacky6.online

qlfa8gzk8f.com

scottjasonfowler.com

influxair.com

desongli.com

xn--w7uy63f0ne2sj.com

pinup722bk.com

haohuatour.com

dharmathinkural.com

hanjyu.com

tbrhc.com

clarityflux.com

meltonandcompany.com

revgeek.com

onehigh.club

closetu.com

yama-nkok.com

brandonhistoryandinfo.com

funkidsroomdecor.com

epilasyonmerkeziankara.com

265411.com

watch12.online

dealsbonaza.com

gold2guide.art

tomclark.online

877961.com

washingtonboatrentals.com

promovart.com

megapollice.online

taquerialoteria.com

foxsontreeservice.com

safebookkeeping.com

theeducationwheel.online

sasanos.com

procurovariedades.com

normandia.pro

ingdalynnia.xyz

campusguideconsulting.com

ashramseries.com

clubcupids.art

mortgagerates.solutions

deepscanlabs.com

insulated-box.com

Targets

- Target
  
  Statement of Account.xlsx
- Size
  
  343KB
- MD5
  
  f64b10dbacd98b43a96e5fbb6ad24c3f
- SHA1
  
  230148ed7d498f33522666a5c1ba19928da496e4
- SHA256
  
  c4d02d2a69ba8a52ee9be8727c37e5cac75a2cbd79aaf51936de99b42fe9d3e2
- SHA512
  
  79705ed1eac394c5b47d44641fd14c0bb806bfa3b5ba082ddbfbe89a7679b24da3bfa854c7c8e1b55b1ae8e8a177dcde19b1d394e3dea2b28ff4abed92789f70
Score

10^/10

xloader mxnu loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadermxnuloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy