xloader | 33b08940d5a2fdd70c73fddf7e359193eb86a1d42e7cce27dba02718b7279c49 | Triage

Submit
Reports

Overview

overview

Static

static

QUOTATION.exe

windows7_x64

QUOTATION.exe

windows10-2004_x64

Sharing

General

Target

QUOTATION.exe
Size

564KB
Sample

220209-mdncjaabdp
MD5

98baccb2a35dcd64991688d8c2f9863e
SHA1

2cf34e18ccb91d2e0572ec833f8656178f4e834b
SHA256

33b08940d5a2fdd70c73fddf7e359193eb86a1d42e7cce27dba02718b7279c49
SHA512

caf53ba7e93e0f781877cfc318b429dbec9490b443ff8e5533f5ef0c89a1f612ac6e7cc245c99b34ffbf4c9bad95c8e2a183e7faffba3ce78a8b23b1c4757e54

Score

10^/10

xloader nt3f loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

QUOTATION.exe

Resource

win7-en-20211208

xloader nt3f loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QUOTATION.exe

Resource

win10v2004-en-20220112

xloader nt3f loader rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

elainemaxwellcoaching.com

1388xc.com

juveniscloud.com

bsauksjon.com

the-waterkooler.com

comment-changer-sa-vie.com

psmcnd.top

rhodesleadingedge.com

mccuelawfirm.com

skinnscience.club

hype-clicks.com

liaojinc.xyz

okmakers.com

ramblertour.online

wickedhunterworld.com

fit-threads.com

cookidoo.website

magentabin.com

pynch1.com

best-paper-to-know-today.info

allmight.net

monicraftsprintables.com

avataroasis.com

10dian-4.com

cozastore.net

capitalcased.com

spacezanome.xyz

feiyangmi.com

11opus.com

getinteriorsolution.com

tidyhutstore.com

amazingpomskyfamily.com

tfcvintage.com

halfanape.com

rotakb.com

martinasfood.com

the-thanks.com

mithilmehta.com

em-photo.art

primerepro.com

lankasirinspa.com

gtbaibang.com

zealandiatobacco.com

deepikatransportpackers.com

eagle-meter.com

Targets

- Target
  
  QUOTATION.exe
- Size
  
  564KB
- MD5
  
  98baccb2a35dcd64991688d8c2f9863e
- SHA1
  
  2cf34e18ccb91d2e0572ec833f8656178f4e834b
- SHA256
  
  33b08940d5a2fdd70c73fddf7e359193eb86a1d42e7cce27dba02718b7279c49
- SHA512
  
  caf53ba7e93e0f781877cfc318b429dbec9490b443ff8e5533f5ef0c89a1f612ac6e7cc245c99b34ffbf4c9bad95c8e2a183e7faffba3ce78a8b23b1c4757e54
Score

10^/10

xloader nt3f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernt3floaderratsuricata

behavioral2

xloadernt3floaderratsuricata

© 2018-2024

Terms | Privacy