xloader | 23c430e7c7c5d5d73fd7fbfcc0d48c2cc421e757e044065d60de5fa9a92c6bb4 | Triage

Submit
Reports

Overview

overview

Static

static

PROFORMA INVOICE.xlsx

windows7_x64

PROFORMA INVOICE.xlsx

windows10_x64

1

Sharing

General

Target

PROFORMA INVOICE.xlsx
Size

310KB
Sample

220112-kvfynscacn
MD5

f3413ff9501018c53c2d69e8df9da4a5
SHA1

77baed712f614ed086dd9713d05d13cbc3300e85
SHA256

23c430e7c7c5d5d73fd7fbfcc0d48c2cc421e757e044065d60de5fa9a92c6bb4
SHA512

6dc5e95b607220276de2964cdf440ea89db983d1b2bac141abc5d8ffd9d6e05eabeabe6ad106fda7752e29123ac0c2a3be4a7b985c34ef09bec57df60cb27dcf

Score

10^/10

xloader nt3f loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

PROFORMA INVOICE.xlsx

Resource

win7-en-20211208

xloader nt3f loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PROFORMA INVOICE.xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

elainemaxwellcoaching.com

1388xc.com

juveniscloud.com

bsauksjon.com

the-waterkooler.com

comment-changer-sa-vie.com

psmcnd.top

rhodesleadingedge.com

mccuelawfirm.com

skinnscience.club

hype-clicks.com

liaojinc.xyz

okmakers.com

ramblertour.online

wickedhunterworld.com

fit-threads.com

cookidoo.website

magentabin.com

pynch1.com

best-paper-to-know-today.info

allmight.net

monicraftsprintables.com

avataroasis.com

10dian-4.com

cozastore.net

capitalcased.com

spacezanome.xyz

feiyangmi.com

11opus.com

getinteriorsolution.com

tidyhutstore.com

amazingpomskyfamily.com

tfcvintage.com

halfanape.com

rotakb.com

martinasfood.com

the-thanks.com

mithilmehta.com

em-photo.art

primerepro.com

lankasirinspa.com

gtbaibang.com

zealandiatobacco.com

deepikatransportpackers.com

eagle-meter.com

Targets

- Target
  
  PROFORMA INVOICE.xlsx
- Size
  
  310KB
- MD5
  
  f3413ff9501018c53c2d69e8df9da4a5
- SHA1
  
  77baed712f614ed086dd9713d05d13cbc3300e85
- SHA256
  
  23c430e7c7c5d5d73fd7fbfcc0d48c2cc421e757e044065d60de5fa9a92c6bb4
- SHA512
  
  6dc5e95b607220276de2964cdf440ea89db983d1b2bac141abc5d8ffd9d6e05eabeabe6ad106fda7752e29123ac0c2a3be4a7b985c34ef09bec57df60cb27dcf
Score

10^/10

xloader nt3f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy