xloader | acc4be02b6d345725689351b0de0b19ea35f356a60df8cf92318fe9ff96e474f | Triage

Submit
Reports

Overview

overview

Static

static

W6902.xlsx

windows7_x64

W6902.xlsx

windows10_x64

1

Sharing

General

Target

W6902.xlsx
Size

187KB
Sample

220131-e1zp3sehdl
MD5

69795e78fb23e13a62ebc183ef90b3ed
SHA1

e16a17d9001daf722aab876d3dab010218af2a23
SHA256

acc4be02b6d345725689351b0de0b19ea35f356a60df8cf92318fe9ff96e474f
SHA512

77d20558c55569551b3e232a5b3f500ae5056fb13634a50bbadcda1ebdfefe6685d04479a6ae01e58c2a7ec3d0565c887a53d74000d7fe6b5c1404267fb4f651

Score

10^/10

xloader b80i loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

W6902.xlsx

Resource

win7-en-20211208

xloader b80i loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

W6902.xlsx

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b80i

Decoy

yixuan5.com

jiazheng369.com

danielleefelipe.net

micorgas.com

uvywah.com

nbjcgl.com

streets4suites.com

hempgotas.com

postmoon.xyz

gaboshoes.com

pastodwes.com

libes.asia

damusalama.com

youngliving1.com

mollyagee.com

branchwallet.com

seebuehnegoerlitz.com

inventors.community

teentykarm.quest

927291.com

wohn-union.info

rvmservices.com

cuanquotex.online

buysubarus.com

360e.group

markham.condos

carriewilliamsinc.com

ennitec.com

wildberryhair.com

trulyrun.com

pinkandgrey.info

mnselfservice.com

gabtomenice.com

2thpolis.com

standardcrypro.com

58lif.com

ir-hasnol.com

ggsega.xyz

tipslowclever.rest

atlasgrpltdgh.com

4338agnes.com

hillsncreeks.com

pentest.ink

cevichiles.com

evodoge.com

gooooooo.xyz

ehaszthecarpetbagger.com

finanes.xyz

zoharfine.com

viperiastudios.com

sjljtzsls.com

frentags.art

mediafyagency.com

faydergayremezdayener.net

freelance-rse.com

quickmovecourierservices.com

lexingtonprochoice.com

farmacymerchants.com

inkland-tattoo.com

aloebiotics.com

rampi6.com

bookinggroningen.com

wilkinsutotint.com

inslidr.com

dreamschools.online

Targets

- Target
  
  W6902.xlsx
- Size
  
  187KB
- MD5
  
  69795e78fb23e13a62ebc183ef90b3ed
- SHA1
  
  e16a17d9001daf722aab876d3dab010218af2a23
- SHA256
  
  acc4be02b6d345725689351b0de0b19ea35f356a60df8cf92318fe9ff96e474f
- SHA512
  
  77d20558c55569551b3e232a5b3f500ae5056fb13634a50bbadcda1ebdfefe6685d04479a6ae01e58c2a7ec3d0565c887a53d74000d7fe6b5c1404267fb4f651
Score

10^/10

xloader b80i loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderb80iloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy