xloader | 469884179434185e1275b12bc001caaae4281a8d5698e20f57b8f7770cdfd7b1 | Triage

Submit
Reports

Overview

overview

Static

static

FORNAX 2-E...t.xlsx

windows7_x64

FORNAX 2-E...t.xlsx

windows10-2004_x64

1

Sharing

General

Target

FORNAX 2-Eng revised bank account.xlsx
Size

185KB
Sample

220303-jw5srabdhr
MD5

74ba866282eb9332585ed493840c4030
SHA1

4fecea9cfd6a9935e7aab9e3bb3de5bc50206f4c
SHA256

469884179434185e1275b12bc001caaae4281a8d5698e20f57b8f7770cdfd7b1
SHA512

24c98f080b51c1d74d88011a09476e45b1939fc2efd396008dc77025b8a9792b875322b263606b5d6d4e71ab54f5f59bcf0057d76429d9ce1d4b708e0aed0e82

Score

10^/10

xloader igwa loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

FORNAX 2-Eng revised bank account.xlsx

Resource

win7-20220223-en

xloader igwa loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FORNAX 2-Eng revised bank account.xlsx

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

igwa

Decoy

listingswithalex.com

funtabse.com

aydenwalling.com

prochal.net

superfoodsnederland.com

moldluck.com

dianekgordon.store

regionalhomescommercial.com

mysecuritymadesimple.com

malwaremastery.com

kodaikeiko.com

jrzg996.com

agricurve.net

songlingjiu.com

virginianundahfishingclub.com

friendschance.com

pastelpresents.com

answertitles.com

survival-hunter.com

nxfddl.com

traditionnevertrend.com

agrovessel.com

unicorm.digital

cucumboy.com

alemdogarimpo.com

laraful.com

hexwaa.com

hanu21st.com

knoycia.com

qishengxing.com

gopipurespices.com

fdkkrfidkdslsieofkld.info

elephantspublications.online

valeriebeijing.com

xn--42cg2czax6ptae6a.com

2shengman.com

sfcshavedice.com

ragworkhouse.com

stardomfrokch.xyz

exoticcenterfold.com

eventosartifice.com

test-order-noren.com

110bao.com

face-pro.online

freedomoff.com

futuresep.com

tremblock.com

chocolat-gillotte.com

speclove.com

ddflsl.com

goodnewsmbc.net

cloudtotaal.com

goapps-auth.com

ouch247max.com

sabra-sd.com

luxuryneverhurt.art

rxvendorpills.online

ludowinners.online

placemyorder.online

skyrim.company

monsterlecturer.com

controle-fiscal.com

phoenixinjurylawyer.online

nanoheadgames.com

toposales.com

Targets

- Target
  
  FORNAX 2-Eng revised bank account.xlsx
- Size
  
  185KB
- MD5
  
  74ba866282eb9332585ed493840c4030
- SHA1
  
  4fecea9cfd6a9935e7aab9e3bb3de5bc50206f4c
- SHA256
  
  469884179434185e1275b12bc001caaae4281a8d5698e20f57b8f7770cdfd7b1
- SHA512
  
  24c98f080b51c1d74d88011a09476e45b1939fc2efd396008dc77025b8a9792b875322b263606b5d6d4e71ab54f5f59bcf0057d76429d9ce1d4b708e0aed0e82
Score

10^/10

xloader igwa loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderigwaloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy