xloader | b85b6101f5f24710f8c9d5a32a4fa4194c55d1088c8722b08653aac9e6a3007a | Triage

Submit
Reports

Overview

overview

Static

static

vbc.exe

windows7_x64

vbc.exe

windows10-2004_x64

Sharing

General

Target

vbc.exeivgijkfx
Size

842KB
Sample

220422-av8ctaeehn
MD5

d1313aa99a8d454aa0d3b728a67dd331
SHA1

81098d77f90fe9cb7f8953345c7385c35597bdfd
SHA256

b85b6101f5f24710f8c9d5a32a4fa4194c55d1088c8722b08653aac9e6a3007a
SHA512

55591756ffcd8442766800b95ba472a3dc8cd1d01e30b65ab146b48b4911ac4b05433c4204f237964720dfffa96af9c218569b81f79d4b14d4c70b9a7f1cd56f

Score

10^/10

xloader arh2 discovery exploit loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

vbc.exe

Resource

win7-20220414-en

xloader arh2 discovery exploit loader rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

vbc.exe

Resource

win10v2004-20220414-en

xloader arh2 loader rat suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

arh2

Decoy

anniversaryalert.com

kinship.space

buabdullagroup.com

ghostprotectionagency.com

scion-go-getter.com

skindeepapp.com

kysp3.xyz

bonitaspringshomesearch.com

bestdeals2022.online

themarketingstinger.com

chengkayouxuan.com

fendoremi.com

j-stra.com

klingelecn.net

deluxecarepro.com

huanbaodg.com

mes-dents-blanches.com

solutionsemissionsimplifiee.com

abedbashir.tech

good-collection.store

zulijian1.com

deuxtonnes.com

va-products.com

limpiezaspricila.com

hollyweednc.com

liylaehamartoyof4.xyz

lauraloewendesign.com

gozabank.com

iconicbeauty.co

huashiren.xyz

bdsdaivietphat.com

josephgoddard.com

bburagotr.xyz

produkoriginal.store

6156yy.com

cellfacility.com

elictriczone.com

regaldock.com

yourvitalstatistics.com

nextgen-shareholder.com

charlie-dean.com

abodebuildinggroup.com

fortunabs.com

elizabethsilvasuarez.com

setsrl.net

neskasdreams.com

abubuntunginxsetup.xyz

ubspropertyservices.com

spiritpriest.com

altaingenieriainc.net

oldhamcars.com

daimaoart.com

5u8n.com

ppcpowered.com

pmariutto.com

opendialogmonaco.com

project66bug.com

goddesscodes.love

talkingwithmarcus.com

tranvantuan.xyz

priexalidomoi.store

un2030.com

loancreditscan.com

tg88.bet

rshedm.com

Targets

- Target
  
  vbc.exeivgijkfx
- Size
  
  842KB
- MD5
  
  d1313aa99a8d454aa0d3b728a67dd331
- SHA1
  
  81098d77f90fe9cb7f8953345c7385c35597bdfd
- SHA256
  
  b85b6101f5f24710f8c9d5a32a4fa4194c55d1088c8722b08653aac9e6a3007a
- SHA512
  
  55591756ffcd8442766800b95ba472a3dc8cd1d01e30b65ab146b48b4911ac4b05433c4204f237964720dfffa96af9c218569b81f79d4b14d4c70b9a7f1cd56f
Score

10^/10

xloader arh2 discovery exploit loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderarh2discoveryexploitloaderrat

behavioral2

xloaderarh2loaderratsuricata

© 2018-2024

Terms | Privacy