xloader | b8587aa8266f54f19957e82df6402ebc56e77f77bd1614ceeee91b9cd8b5b4b4 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ SHEET .xlsx

windows7_x64

RFQ SHEET .xlsx

windows10_x64

1

Sharing

General

Target

RFQ SHEET .xlsx
Size

310KB
Sample

220112-kv2kdacadn
MD5

f1f0cc08d95ede93773d5c81ca809905
SHA1

418aadf3d11ff4aaf77cc30f331588ac22d00f38
SHA256

b8587aa8266f54f19957e82df6402ebc56e77f77bd1614ceeee91b9cd8b5b4b4
SHA512

227f9227ccf4f7849f8819fff109b263c61abd074ce9bf956f6b2dfc47a72b14c09d7df1f8f7bff9c40c9fe43cc6f530c5f97425c4eccce9553bfc7f0bc1194e

Score

10^/10

xloader pnug loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

RFQ SHEET .xlsx

Resource

win7-en-20211208

xloader pnug loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ SHEET .xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

huzhoucs.com

asinment.com

fuchsundrudolph.com

arthurenathalia.com

globalcosmeticsstudios.com

brandrackley.com

freemanhub.one

utserver.online

fullspecter.com

wshowcase.com

airjordanshoes-retro.com

linguimatics.com

app-verlengen.icu

singpost.red

j4.claims

inoteapp.net

jrdautomotivellc.com

xn--beaupre-6xa.com

mypolicyportal.net

wdgjdhpg.com

anshulindla.com

m981070.com

vertentebike.com

claim-available.com

buyfudgybombs.com

adfnapoli.com

blackfuid.com

clambakedelivered.info

marketingworksonhold.com

xvyj.top

richardsonsfinest.com

gurimix.com

dorhop.com

mauigrowngreencoffee.net

juzytuu.xyz

pokorny.industries

floridapermitsolutions.com

right-on-target-store.com

ynaire.com

nextpar.com

disdrone.com

fruitfulvinebirth.com

africanfairytale.com

leisuresabah.com

safetyeats.asia

Targets

- Target
  
  RFQ SHEET .xlsx
- Size
  
  310KB
- MD5
  
  f1f0cc08d95ede93773d5c81ca809905
- SHA1
  
  418aadf3d11ff4aaf77cc30f331588ac22d00f38
- SHA256
  
  b8587aa8266f54f19957e82df6402ebc56e77f77bd1614ceeee91b9cd8b5b4b4
- SHA512
  
  227f9227ccf4f7849f8819fff109b263c61abd074ce9bf956f6b2dfc47a72b14c09d7df1f8f7bff9c40c9fe43cc6f530c5f97425c4eccce9553bfc7f0bc1194e
Score

10^/10

xloader pnug loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderpnugloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy