xloader | 060c2f164a53cf74817b9b2f176d770dbde8b1ef71fe5322abf9ae8197232b7d | Triage

Submit
Reports

Overview

overview

Static

static

060c2f-rundll32.exe

windows7_x64

Sharing

General

Target

060c2f-rundll32.exe
Size

366KB
Sample

220113-tld76abdel
MD5

0789de01663a113fd853dc3ee29581ae
SHA1

d0833aad9b9f97a5e609fe6574e24689bb246796
SHA256

060c2f164a53cf74817b9b2f176d770dbde8b1ef71fe5322abf9ae8197232b7d
SHA512

af301ec3c4005cbb5842e8a344a6a8b09dc687180df3309f71d8fd7b8aa1b6724ef7bd55ee5eaec7f785fa4aacf8307d4c1df813aaeb66aa07211a6f2b30432e

Score

10^/10

xloader fqiq loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

060c2f-rundll32.exe

Resource

win7-en-20211208

xloader fqiq loader rat suricata

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fqiq

Decoy

driventow.com

ipatchwork.today

bolder.equipment

seal-brother.com

mountlaketerraceapartments.com

weeden.xyz

sanlifalan.com

athafood.com

isshinn1.com

creationslazzaroni.com

eclecticrenaissancewoman.com

satellitephonstore.com

cotchildcare.com

yamacorp.digital

ff4cuno43.xyz

quicksticks.community

govindfinance.com

farmersfirstseed.com

megacinema.club

tablescaperendezvous4two.com

ecarehomes.com

floaterslaser.com

benisano.com

saint444.com

thedusi.com

avafxtrade.online

hanenosuke.com

suntioil4u.com

healthyweekendtips.com

24000words.com

ofbchina.net

begukiu0.info

wolmoda.com

mask60.com

4bellemaison.com

mambacustomboats.com

sedsn.com

doggycc.com

kangrungao.com

pharmacistcharisma.com

passiverewardssystems.com

qywyfeo8.xyz

shenjiclass.com

rdoi.top

lavishbynovell.com

fleetton.com

hillcresthomegroup.com

hartfulcleaning.com

srofkansas.com

applebroog.industries

phillytrainers.com

dmc--llc.com

sosoon.store

daysyou.com

controldatasa.com

markarge.com

hirayaawards.com

clinicscluster.com

sophiagunterman.art

kirtansangeet.com

residential.insure

ribbonofficial.com

qianhaijcc.com

fytvankin.quest

esyscoloradosprings.com

Targets

- Target
  
  060c2f-rundll32.exe
- Size
  
  366KB
- MD5
  
  0789de01663a113fd853dc3ee29581ae
- SHA1
  
  d0833aad9b9f97a5e609fe6574e24689bb246796
- SHA256
  
  060c2f164a53cf74817b9b2f176d770dbde8b1ef71fe5322abf9ae8197232b7d
- SHA512
  
  af301ec3c4005cbb5842e8a344a6a8b09dc687180df3309f71d8fd7b8aa1b6724ef7bd55ee5eaec7f785fa4aacf8307d4c1df813aaeb66aa07211a6f2b30432e
Score

10^/10

xloader fqiq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata: ET MALWARE APT-C-23 Activity (GET)
  suricata
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xloaderfqiqloaderratsuricata

© 2018-2024

Terms | Privacy