xloader | 0e4153fadb2a59bd00657efa6a6577cc87bcde44a83096b56bfe72ca173068c9 | Triage

Submit
Reports

Overview

overview

Static

static

Payment_Advice.xlsx

windows7_x64

Payment_Advice.xlsx

windows10_x64

1

Sharing

General

Target

Payment_Advice.xlsx
Size

187KB
Sample

220127-qbjhcadbaq
MD5

e094e0b6cc51ad7431c6bf4ba49b5377
SHA1

07d86b5d72a281aa3ff99945c24edb0b9b63ce74
SHA256

0e4153fadb2a59bd00657efa6a6577cc87bcde44a83096b56bfe72ca173068c9
SHA512

83b1ea10cf64825524619956ab6eeea95f1c050ac249984de6595c38aa46cbb26d2acfadbca279bbde91e67c0d52f5f14907611f0322052b4cb7556ceee2de7e

Score

10^/10

xloader nt3f loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

Payment_Advice.xlsx

Resource

win7-en-20211208

xloader nt3f loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment_Advice.xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

elainemaxwellcoaching.com

1388xc.com

juveniscloud.com

bsauksjon.com

the-waterkooler.com

comment-changer-sa-vie.com

psmcnd.top

rhodesleadingedge.com

mccuelawfirm.com

skinnscience.club

hype-clicks.com

liaojinc.xyz

okmakers.com

ramblertour.online

wickedhunterworld.com

fit-threads.com

cookidoo.website

magentabin.com

pynch1.com

best-paper-to-know-today.info

allmight.net

monicraftsprintables.com

avataroasis.com

10dian-4.com

cozastore.net

capitalcased.com

spacezanome.xyz

feiyangmi.com

11opus.com

getinteriorsolution.com

tidyhutstore.com

amazingpomskyfamily.com

tfcvintage.com

halfanape.com

rotakb.com

martinasfood.com

the-thanks.com

mithilmehta.com

em-photo.art

primerepro.com

lankasirinspa.com

gtbaibang.com

zealandiatobacco.com

deepikatransportpackers.com

eagle-meter.com

Targets

- Target
  
  Payment_Advice.xlsx
- Size
  
  187KB
- MD5
  
  e094e0b6cc51ad7431c6bf4ba49b5377
- SHA1
  
  07d86b5d72a281aa3ff99945c24edb0b9b63ce74
- SHA256
  
  0e4153fadb2a59bd00657efa6a6577cc87bcde44a83096b56bfe72ca173068c9
- SHA512
  
  83b1ea10cf64825524619956ab6eeea95f1c050ac249984de6595c38aa46cbb26d2acfadbca279bbde91e67c0d52f5f14907611f0322052b4cb7556ceee2de7e
Score

10^/10

xloader nt3f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy