xloader | 1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28 | Triage

Submit
Reports

Overview

overview

Static

static

tmp/1ee280...28.xls

windows7_x64

tmp/1ee280...28.xls

windows10_x64

1

Sharing

General

Target

tmp/1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28.xls
Size

310KB
Sample

220111-m4tx1afegn
MD5

f4d6c1f8616c2d921abe653049bf2b37
SHA1

41b4ede1e3f10a46b029a75cc472132ad1afae84
SHA256

1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28
SHA512

77e02662535a351eccfdf8884f78920befb20e2fd5ff7c7d1cf762ae476967361fa4b09140c9d4bda9204dfdfd92e7a4658fd85768a2ac5b2c91a17649e670e7

Score

10^/10

xloader ef6c loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

tmp/1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28.xls

Resource

win7-en-20211208

xloader ef6c loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp/1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

xn--90armbk7e.online

xzq585858.net

kidzgovroom.com

lhznqyl.press

publicationsplace.com

jakante.com

csspadding.com

test-testjisdnsec.store

lafabriqueabeilleassurances.com

clf010.com

buybabysnuggle.com

uzmdrmustafaalperaykanat.com

levanttradegroup.com

arcflorals.com

kinglot2499.com

freekagyans.com

region10group.gmbh

yeyelm744.com

thehomedesigncentre.com

vngc.xyz

szesdkj.com

charlottewright.online

planetgreennetwork.com

pacifica7.com

analogueadapt.com

sensorypantry.com

narbaal.com

restaurant-utopia.xyz

golnay.com

szyyglass.com

redelirevearyseuiop.xyz

goldsteelconstruction.com

discovercotswoldcottages.com

geniuseven.net

apricitee.com

stopmoshenik.online

ya2gh.com

instatechnovelz.com

dbe648.com

seifjuban.com

conquershirts.store

totalcovidtravel.com

pamperotrabajo.com

satellitphonestore.com

fis.photos

Targets

- Target
  
  tmp/1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28.xls
- Size
  
  310KB
- MD5
  
  f4d6c1f8616c2d921abe653049bf2b37
- SHA1
  
  41b4ede1e3f10a46b029a75cc472132ad1afae84
- SHA256
  
  1ee280cb4130d09c2739d4e89cfd0aaa3a2a996d86606e43d4d42e29ac73ca28
- SHA512
  
  77e02662535a351eccfdf8884f78920befb20e2fd5ff7c7d1cf762ae476967361fa4b09140c9d4bda9204dfdfd92e7a4658fd85768a2ac5b2c91a17649e670e7
Score

10^/10

xloader ef6c loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderef6cloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy