xloader | 4c84124c87cd46ce58a7a8208ad1674c4a270793f9a6158e80fd28f96b3cc844 | Triage

Submit
Reports

Overview

overview

Static

static

REMITTANCE...E.xlsx

windows7_x64

REMITTANCE...E.xlsx

windows10_x64

1

Sharing

General

Target

REMITTANCE ADVICE.xlsx
Size

228KB
Sample

211125-vgv6jsfhdl
MD5

2caab2292b282e6a5dea1cf78f84924a
SHA1

86f37c31091b15cca135490a84eb52027bb1a4df
SHA256

4c84124c87cd46ce58a7a8208ad1674c4a270793f9a6158e80fd28f96b3cc844
SHA512

70590f55c98c31fb7b2a95cb6d6b63917e1fa0f868c3af852a805d45cbb176356a4b1dc1431ef908c680821730d0d02948956c03388fcee6fcf6bbd661d55733

Score

10^/10

xloader m07f loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

REMITTANCE ADVICE.xlsx

Resource

win7-en-20211014

xloader m07f loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REMITTANCE ADVICE.xlsx

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m07f

C2

http://www.ff4cu6twc.xyz/m07f/

Decoy

khitthit.club

kczu.net

caylalamar.com

iixiazai.com

nickatwoodrealestate.com

006664.com

strimsbdltd.com

mykyhouse.com

flyestkicks.com

campingwithoutcanvas.com

sarishamisen.com

retrorecycling.com

zw4azsjb3cuj.biz

lokasennaservices.com

charleswagner.xyz

smmbazar.net

rebornmkt.com

clicktoreach.com

alendigital.xyz

carehrc.com

locationdevice.online

homevoru.com

electrahealth.clinic

punto-linea-espacio.com

yhxt13800.com

pancakeshares.com

artdecooutdoor.com

phg-formation.com

businessagilitysessions.com

procofun.com

thekatz.group

casepoo.com

tokofebri.store

crippledom.com

online-shrine-ltd.com

jesbon.com

ligoom.com

odonofally.quest

tender.guru

payments-gate-325r.xyz

bfcmtld.com

scoocs.info

welderstexas.com

eastendfinances.com

bohoglamburlesque.com

naijafame.net

digitallghtning.com

refreshpor.xyz

luly-boo.com

enchantedroses-shop.com

victorrialand.com

kenzivenum.com

protokolavukatlik.com

berrymojito.com

empireexteriorservices.com

pushaoeel-kouhu-bunan7266.com

travellerbugs.com

allcources.com

jaszicurls.com

rem-youth.com

strawberryroom-15.com

paramusinsurancebroker.com

jhtz001.com

promtgloan.com

Targets

- Target
  
  REMITTANCE ADVICE.xlsx
- Size
  
  228KB
- MD5
  
  2caab2292b282e6a5dea1cf78f84924a
- SHA1
  
  86f37c31091b15cca135490a84eb52027bb1a4df
- SHA256
  
  4c84124c87cd46ce58a7a8208ad1674c4a270793f9a6158e80fd28f96b3cc844
- SHA512
  
  70590f55c98c31fb7b2a95cb6d6b63917e1fa0f868c3af852a805d45cbb176356a4b1dc1431ef908c680821730d0d02948956c03388fcee6fcf6bbd661d55733
Score

10^/10

xloader m07f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderm07floaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy