xloader | 885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e | Triage

Submit
Reports

Overview

overview

Static

static

tmp/885a3f...2e.xls

windows7_x64

tmp/885a3f...2e.xls

windows10_x64

1

Sharing

General

Target

tmp/885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e.xls
Size

317KB
Sample

211220-qrcdzaafd7
MD5

207b94d9cc8b9af2ccc9ff119cf94ae5
SHA1

2c562a8c366f4ae564e7b6e9264212fb602429bf
SHA256

885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e
SHA512

0feef63885c908f399d794496b420b514ca67b6874440ddba7d8972250f6c1384278155a5b7ee2917cef95ac167705a75cc6ae8ad9fedfdb7575426fd74e7354

Score

10^/10

xloader fqiq loader rat

Static task

static1

Behavioral task

behavioral1

Sample

tmp/885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e.xls

Resource

win7-en-20211208

xloader fqiq loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp/885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

ecarehomes.com

floaterslaser.com

benisano.com

saint444.com

thedusi.com

avafxtrade.online

hanenosuke.com

suntioil4u.com

healthyweekendtips.com

24000words.com

ofbchina.net

begukiu0.info

wolmoda.com

mask60.com

4bellemaison.com

mambacustomboats.com

sedsn.com

doggycc.com

kangrungao.com

pharmacistcharisma.com

passiverewardssystems.com

qywyfeo8.xyz

shenjiclass.com

rdoi.top

lavishbynovell.com

fleetton.com

hillcresthomegroup.com

hartfulcleaning.com

srofkansas.com

applebroog.industries

phillytrainers.com

dmc--llc.com

sosoon.store

daysyou.com

controldatasa.com

markarge.com

hirayaawards.com

clinicscluster.com

sophiagunterman.art

kirtansangeet.com

residential.insure

ribbonofficial.com

qianhaijcc.com

fytvankin.quest

esyscoloradosprings.com

Targets

- Target
  
  tmp/885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e.xls
- Size
  
  317KB
- MD5
  
  207b94d9cc8b9af2ccc9ff119cf94ae5
- SHA1
  
  2c562a8c366f4ae564e7b6e9264212fb602429bf
- SHA256
  
  885a3f3c6c82f70a36a07cc47a0655ec01283f28863aa8c216f6ffa73f77bf2e
- SHA512
  
  0feef63885c908f399d794496b420b514ca67b6874440ddba7d8972250f6c1384278155a5b7ee2917cef95ac167705a75cc6ae8ad9fedfdb7575426fd74e7354
Score

10^/10

xloader fqiq loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderfqiqloaderrat

behavioral2

© 2018-2024

Terms | Privacy