xloader | e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893 | Triage

Submit
Reports

Overview

overview

Static

static

tmp/e77c0d...93.xls

windows7_x64

tmp/e77c0d...93.xls

windows10_x64

1

Sharing

General

Target

tmp/e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893.xls
Size

309KB
Sample

220112-khpp2sbhfk
MD5

4678ecadcced7f0033aebe9eb2900c00
SHA1

2355b35d4edb502550382e41fa96b0e9c565da76
SHA256

e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893
SHA512

6c3225f99dcedcd9fbe551d1af4ef89b26c34c96ce39ba61d62131bd2d0cbe9a05473b5d812d04531d53284c57a32611ccdd6b3747b4d566c48e0ef4f1224bc7

Score

10^/10

xloader ef6c loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

tmp/e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893.xls

Resource

win7-en-20211208

xloader ef6c loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp/e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

xn--90armbk7e.online

xzq585858.net

kidzgovroom.com

lhznqyl.press

publicationsplace.com

jakante.com

csspadding.com

test-testjisdnsec.store

lafabriqueabeilleassurances.com

clf010.com

buybabysnuggle.com

uzmdrmustafaalperaykanat.com

levanttradegroup.com

arcflorals.com

kinglot2499.com

freekagyans.com

region10group.gmbh

yeyelm744.com

thehomedesigncentre.com

vngc.xyz

szesdkj.com

charlottewright.online

planetgreennetwork.com

pacifica7.com

analogueadapt.com

sensorypantry.com

narbaal.com

restaurant-utopia.xyz

golnay.com

szyyglass.com

redelirevearyseuiop.xyz

goldsteelconstruction.com

discovercotswoldcottages.com

geniuseven.net

apricitee.com

stopmoshenik.online

ya2gh.com

instatechnovelz.com

dbe648.com

seifjuban.com

conquershirts.store

totalcovidtravel.com

pamperotrabajo.com

satellitphonestore.com

fis.photos

Targets

- Target
  
  tmp/e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893.xls
- Size
  
  309KB
- MD5
  
  4678ecadcced7f0033aebe9eb2900c00
- SHA1
  
  2355b35d4edb502550382e41fa96b0e9c565da76
- SHA256
  
  e77c0dac6db8e58ccd949a237694a0824b4117d521357658a1fc5cb47bbbf893
- SHA512
  
  6c3225f99dcedcd9fbe551d1af4ef89b26c34c96ce39ba61d62131bd2d0cbe9a05473b5d812d04531d53284c57a32611ccdd6b3747b4d566c48e0ef4f1224bc7
Score

10^/10

xloader ef6c loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderef6cloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy