xloader | be60f84619955a078bd3d3a90275d55847ea41877c108b498bc4a77274b10f37 | Triage

Submit
Reports

Overview

overview

Static

static

e-pda 0003...1.xlsx

windows7_x64

e-pda 0003...1.xlsx

windows10_x64

1

Sharing

General

Target

e-pda 0003000009011.xlsx
Size

187KB
Sample

220127-qb4hhsdbcj
MD5

311a0b499bb2180ce183330006de9fa3
SHA1

df4b6eca6a2eda123b34e3254d1d68181447a89c
SHA256

be60f84619955a078bd3d3a90275d55847ea41877c108b498bc4a77274b10f37
SHA512

e9f911affc17621aad179549d088bac466ec2e4b0536a2477ac9fecff411b669cccf4a4ae109b6419ed9538fe2eab750b32d7480aa717f0706742723850f3caf

Score

10^/10

xloader o6tg loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

e-pda 0003000009011.xlsx

Resource

win7-en-20211208

xloader o6tg loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e-pda 0003000009011.xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

o6tg

Decoy

turkscaicosonline.com

novelfoodtech.com

zgrmfww.com

gestionalcliente24hrs.store

postrojka.com

tapissier-uzes.com

tobytram.one

preamblegames.com

clicklinkzs.com

franksenen.com

beautygateway.net

foils-online.com

aout.us

promarkoperations.com

alignatura.com

changemylifefast.info

minbex.icu

internethustlersociety.com

chinacqn.com

fibsh.com

878971.com

diy-shisha.com

smarthomesecurity.online

orimsglow.com

platterwax.xyz

ipinksheets.com

robertatoschi.com

mieventi.com

qumuras.info

anyoneh.com

lovegasboutique.com

elimchambers.com

nanopicomedia.com

getoken.net

thechristmaslightingstore.com

progressivecapital.net

ott-leszek.com

flaneur.city

srikrishnadental.com

bantasis.com

forhims.jobs

sscmdpt.com

americanpawnaz.com

greatdayplumbing.com

skinstorecenter.com

chaoticcomicscrafts.com

farhadhossain.us

c-soi.com

http01.com

tjweifukeji.com

controldatasa.com

fitlearningphoenix.solutions

polecatroofing.com

xrxgqf.website

helmettips.com

caesarscasiono.com

dmfcommercialrealty.com

risecards.com

energycolumbus.com

slot138gacor.com

votenoahring.com

trigatefinancial.com

cuework.com

victorianalpine.com

makvik.online

Targets

- Target
  
  e-pda 0003000009011.xlsx
- Size
  
  187KB
- MD5
  
  311a0b499bb2180ce183330006de9fa3
- SHA1
  
  df4b6eca6a2eda123b34e3254d1d68181447a89c
- SHA256
  
  be60f84619955a078bd3d3a90275d55847ea41877c108b498bc4a77274b10f37
- SHA512
  
  e9f911affc17621aad179549d088bac466ec2e4b0536a2477ac9fecff411b669cccf4a4ae109b6419ed9538fe2eab750b32d7480aa717f0706742723850f3caf
Score

10^/10

xloader o6tg loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadero6tgloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy