xloader | 910b1e687bf0031c11e812c4c0802e9ca6381621a082fbc39aa87c0d5cdb5da0 | Triage

Submit
Reports

Overview

overview

Static

static

SHIPPING D...T.xlsx

windows7_x64

SHIPPING D...T.xlsx

windows10_x64

1

Sharing

General

Target

SHIPPING DOCUMENT.xlsx
Size

228KB
Sample

211207-rwhbfsacdk
MD5

b9bab7464729bcbd5eecf28e598bfe4d
SHA1

e3cf73ecb601581caf7c1cfa4d52e1db65685d7e
SHA256

910b1e687bf0031c11e812c4c0802e9ca6381621a082fbc39aa87c0d5cdb5da0
SHA512

7cdebb42c90e8a7a26fa0f4cbbf44969a68f53daf7049b54d637ed7846512dbd34845d316d17ab69cd58bedaddb69b4dd160df36a1d68efc2d8099df0c9c1399

Score

10^/10

xloader ea0r loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

SHIPPING DOCUMENT.xlsx

Resource

win7-en-20211104

xloader ea0r loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SHIPPING DOCUMENT.xlsx

Resource

win10-en-20211104

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ea0r

C2

http://www.asiapubz-hk.com/ea0r/

Decoy

lionheartcreativestudios.com

konzertmanagement.com

blackpanther.online

broychim-int.com

takut18.com

txstarsolar.com

herdsherpa.com

igorshestakov.com

shinesbox.com

reflectpkljlt.xyz

oiltoolshub.com

viralmoneychallenge.com

changingalphastrategies.com

mecitiris.com

rdadmin.online

miniambiente.com

kominarcine.com

pino-almond.com

heihit.xyz

junqi888.com

metalumber.com

sclvfu.com

macanostore.online

projecturs.com

ahcprp.com

gztyfnrj.com

lospacenos.com

tak-etranger.com

dingermail.com

skiin.club

ystops.com

tnboxes.com

ccafgz.com

info1337.xyz

platinum24.top

hothess.com

novelfinancewhite.xyz

theselectdifference.com

flufca.com

giftcodefreefirevns.com

kgv-lachswehr.com

report-alfarabilabs.com

skeetones.com

4bcinc.com

americamr.com

wewonacademy.com

evrazavto.store

true-fanbox.com

greencofiji.com

threecommaspartners.com

hgtradingcoltd.com

xihe1919.com

241mk.com

helplockedout.com

wefundprojects.com

neosecure.store

purenewsworldwide.com

luckylottovip999.com

lottidobler.com

proyectohaciendohistoria.com

raintm.com

theproducerformula.com

trademarkitforyourself.com

ottaweed.com

Targets

- Target
  
  SHIPPING DOCUMENT.xlsx
- Size
  
  228KB
- MD5
  
  b9bab7464729bcbd5eecf28e598bfe4d
- SHA1
  
  e3cf73ecb601581caf7c1cfa4d52e1db65685d7e
- SHA256
  
  910b1e687bf0031c11e812c4c0802e9ca6381621a082fbc39aa87c0d5cdb5da0
- SHA512
  
  7cdebb42c90e8a7a26fa0f4cbbf44969a68f53daf7049b54d637ed7846512dbd34845d316d17ab69cd58bedaddb69b4dd160df36a1d68efc2d8099df0c9c1399
Score

10^/10

xloader ea0r loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderea0rloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy