xloader | 77c5062163c29fc069bf6b25d78284461f71028f3b688e0ac88397038e59f5ce | Triage

Submit
Reports

Overview

overview

Static

static

SC10641.xlsx

windows7_x64

SC10641.xlsx

windows10-2004_x64

4

Sharing

General

Target

SC10641.xlsx
Size

165KB
Sample

220218-wd2dtsdfbr
MD5

11aac7b8fe45c352c86c50c440ec5194
SHA1

dae10515c53dc33378e7b5cc6e8b32b380d61c98
SHA256

77c5062163c29fc069bf6b25d78284461f71028f3b688e0ac88397038e59f5ce
SHA512

84cf52f480a05a3f216b27d6db7a7e73c5bc1196650e31f6cdbe2c30396f8262cc49aaa0f466758e334ee6658a8872ad42baf7e484d67e1724551a15667d62bf

Score

10^/10

xloader ahc8 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

SC10641.xlsx

Resource

win7-en-20211208

xloader ahc8 loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SC10641.xlsx

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

civicinfluencers.net

gzhf8888.com

kuleallstar.com

palisadeslodgecondos.com

holyhirschsprungs.com

azalearoseuk.com

jaggllc.com

italianrofrow.xyz

ioewur.xyz

3a5hlv.icu

kitcycle.com

estate.xyz

ankaraescortvip.xyz

richclubsite2001.xyz

kastore.website

515pleasantvalleyway.com

sittlermd.com

mytemple.group

tiny-wagen.com

sharaleesvintageflames.com

mentalesteem.com

sport-newss.online

fbve.space

lovingtruebloodindallas.com

eaglehospitality.biz

roofrepairnow.info

mcrosfts-updata.digital

cimpactinc.com

greatnotleyeast.com

lovely-tics.com

douglas-enterprise.com

dayannalima.online

ksodl.com

rainbowlampro.com

theinteriorsfurniture.com

eidmueller.email

cg020.online

gta6fuzhu.com

cinemaocity.com

hopeitivity.com

savageequipment.biz

groceriesbazaar.com

hempgotas.com

casino-pharaon-play.xyz

ralfrassendnk-login.com

Targets

- Target
  
  SC10641.xlsx
- Size
  
  165KB
- MD5
  
  11aac7b8fe45c352c86c50c440ec5194
- SHA1
  
  dae10515c53dc33378e7b5cc6e8b32b380d61c98
- SHA256
  
  77c5062163c29fc069bf6b25d78284461f71028f3b688e0ac88397038e59f5ce
- SHA512
  
  84cf52f480a05a3f216b27d6db7a7e73c5bc1196650e31f6cdbe2c30396f8262cc49aaa0f466758e334ee6658a8872ad42baf7e484d67e1724551a15667d62bf
Score

10^/10

xloader ahc8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderahc8loaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy