xloader | d688d58ddc22d144141b6b2791d6437b82bdac95267b263cb5ae04c855e32df2 | Triage

Submit
Reports

Overview

overview

Static

static

SWIFT Message.xlsx

windows7_x64

SWIFT Message.xlsx

windows10_x64

1

Sharing

General

Target

SWIFT Message.xlsx
Size

192KB
Sample

220127-qbk16sdbbk
MD5

de48399098ab9596a733ccc22252c019
SHA1

caa8c059a3ccc4aba10e9720c6eaa3162dfff665
SHA256

d688d58ddc22d144141b6b2791d6437b82bdac95267b263cb5ae04c855e32df2
SHA512

90548dedfd9d8dd828760502cf8e00ebffcbedc71e03628f971dfb3c2275691de87326ec673ca5e8b048e1a895b7d3429a9014fdb826aed2cac7e551f842ddb5

Score

10^/10

xloader u6vb loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

SWIFT Message.xlsx

Resource

win7-en-20211208

xloader u6vb loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SWIFT Message.xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u6vb

Decoy

blendedmatter.com

piquinmarketing.com

dubkirelax.online

optimumotoaksesuar.com

bendisle.com

islamicgeometricpatterns.net

cheesebox.online

lh-coaching.com

buildingmaterial.info

backwoods72.com

goodtreetee.com

zknqqpvsypx.mobi

phukienstreaming.com

turkistick.com

cbd-shop-portugal.com

imherllc.com

krallechols.quest

ttmmb.com

pornmodelsworld.com

weakyummy.space

profitablemechanic.com

arthahomehealth.com

xllbyte.top

enthrallingmagazine.com

letgoboss.com

twaroggrodkowski.com

2027bet365.com

viveecom.com

rachelzrileybeauty.com

jadablond.com

mypasscodekeycard.com

sectionpor.xyz

hypotheque.xyz

matryoshkatechspec.online

newspaper.tax

jm0513.com

barringtonmediaqroup.com

mot-associates.com

mahomeslistings.com

henrywrench.com

anita.digital

leyouxx.com

icetherapy.net

nft-premium.design

vulcanrussia23.xyz

cvbintangkaryacipta.com

ballerapeclub.digital

coralarray.com

quoteshtx.com

thebestgpstracker.com

onlinepricehk.com

mountainvillagecondos.com

thenudefactory.com

rubarombic.net

theroycom1.com

drinkabit.art

maymakita.com

pickvector.net

online-be.xyz

monkendodge.com

successsynergyemail.com

cuahangyodykimthanh.com

love-shoppy.com

gebaeudetechnik-burscheid.com

officejava.store

Targets

- Target
  
  SWIFT Message.xlsx
- Size
  
  192KB
- MD5
  
  de48399098ab9596a733ccc22252c019
- SHA1
  
  caa8c059a3ccc4aba10e9720c6eaa3162dfff665
- SHA256
  
  d688d58ddc22d144141b6b2791d6437b82bdac95267b263cb5ae04c855e32df2
- SHA512
  
  90548dedfd9d8dd828760502cf8e00ebffcbedc71e03628f971dfb3c2275691de87326ec673ca5e8b048e1a895b7d3429a9014fdb826aed2cac7e551f842ddb5
Score

10^/10

xloader u6vb loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderu6vbloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy