xloader | b3280e9402e6172764449daedc9e687fbe7b474fd7a45d9756c588d1fa2b1fe2 | Triage

Submit
Reports

Overview

overview

Static

static

SKMB60219.xlsx

windows7_x64

SKMB60219.xlsx

windows10-2004_x64

1

Sharing

General

Target

SKMB60219.xlsx
Size

186KB
Sample

220311-cez3lshfdn
MD5

96d7d76083a4a671520fc66cef8b117c
SHA1

2eb64b5ac52b4bffc75a180c051c26b2a6140f43
SHA256

b3280e9402e6172764449daedc9e687fbe7b474fd7a45d9756c588d1fa2b1fe2
SHA512

53b3f6f86f0fcb5eb8f3d9fb0babf94bcc358b4f9daf2aadd47c5eb2e796683b03ede312d877eaa1968b3c90ffc0d15ac958d1b0743403faf440365141bd26b9

Score

10^/10

xloader ahc8 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

SKMB60219.xlsx

Resource

win7-20220223-en

xloader ahc8 loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SKMB60219.xlsx

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

civicinfluencers.net

gzhf8888.com

kuleallstar.com

palisadeslodgecondos.com

holyhirschsprungs.com

azalearoseuk.com

jaggllc.com

italianrofrow.xyz

ioewur.xyz

3a5hlv.icu

kitcycle.com

estate.xyz

ankaraescortvip.xyz

richclubsite2001.xyz

kastore.website

515pleasantvalleyway.com

sittlermd.com

mytemple.group

tiny-wagen.com

sharaleesvintageflames.com

mentalesteem.com

sport-newss.online

fbve.space

lovingtruebloodindallas.com

eaglehospitality.biz

roofrepairnow.info

mcrosfts-updata.digital

cimpactinc.com

greatnotleyeast.com

lovely-tics.com

douglas-enterprise.com

dayannalima.online

ksodl.com

rainbowlampro.com

theinteriorsfurniture.com

eidmueller.email

cg020.online

gta6fuzhu.com

cinemaocity.com

hopeitivity.com

savageequipment.biz

groceriesbazaar.com

hempgotas.com

casino-pharaon-play.xyz

ralfrassendnk-login.com

Targets

- Target
  
  SKMB60219.xlsx
- Size
  
  186KB
- MD5
  
  96d7d76083a4a671520fc66cef8b117c
- SHA1
  
  2eb64b5ac52b4bffc75a180c051c26b2a6140f43
- SHA256
  
  b3280e9402e6172764449daedc9e687fbe7b474fd7a45d9756c588d1fa2b1fe2
- SHA512
  
  53b3f6f86f0fcb5eb8f3d9fb0babf94bcc358b4f9daf2aadd47c5eb2e796683b03ede312d877eaa1968b3c90ffc0d15ac958d1b0743403faf440365141bd26b9
Score

10^/10

xloader ahc8 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderahc8loaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy