xloader | a5710d566d75764e63a8669e72f21b5542c234af87a4217cf0415799cbe9c5e1 | Triage

Submit
Reports

Overview

overview

Static

static

BL.xlsx

windows7_x64

BL.xlsx

windows10-2004_x64

1

Sharing

General

Target

BL.xlsx
Size

289KB
Sample

220428-g8wphabbf3
MD5

b8e9f95d4fa7c45a88a676e7bb3fc9ae
SHA1

acc6e22cbca2be6226fbddd46ce1ae8304f4f996
SHA256

a5710d566d75764e63a8669e72f21b5542c234af87a4217cf0415799cbe9c5e1
SHA512

27ce1fc0a872ec06fd8cc5ca9d8da3dda05988a887e29b14066648fb855b8977169dca0e0c585c7516359ce10321787de57a682da39eed347f1cdbd922da254e

Score

10^/10

xloader bs8f loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

BL.xlsx

Resource

win7-20220414-en

xloader bs8f loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BL.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bs8f

Decoy

atmospheraglobal.com

dontshootima.com

bestofferusde.club

yourdigitalboss.com

breskizci.com

myarrovacoastwebsite.com

reasclerk.com

efrovida.com

wsmz.net

upneett.com

loefflerforgov.com

noida.info

trndystore.com

arhaldar.online

vivibanca.tech

mykrema.com

vseserialy.online

ridgewayinsua.com

heauxland.com

bestcollegecourses.com

scent-kart.xyz

handyman-prime.com

wrightpurpose.com

hellounio.com

wealthy-link-erp.com

josegal.com

texasdominionrealty.com

hespresso.net

dreamonetnpasumo5.xyz

videosmind.com

abbawaalema.quest

esmtoluca.com

2382108759.com

akbastionoffilamentousfungi.com

electramanpower.com

siguealpanda.com

alquilerfurgon.com

3-little-pigs.com

esolutions4u.com

thatgolfer.com

biom4rk.com

paramusapartments.com

mothergadgets.com

ktnreport.xyz

amxdrivers.com

buymyhomeallcash.com

lifeisthere.com

nous-citoyens.com

destimarketing.com

lawinepro.com

littlenorwayfarmhouse.com

realworldgb488.rest

qualinorm.com

capitaltechcorp.com

familybeautifull.com

continentaldeal.com

scratchforce.com

veganbreathing.com

hickoryfalls-pm.com

pascal-rocha.com

20kretirementplan.biz

lehome.store

hellanatural.com

hnythao.com

gnizdo.online

Targets

- Target
  
  BL.xlsx
- Size
  
  289KB
- MD5
  
  b8e9f95d4fa7c45a88a676e7bb3fc9ae
- SHA1
  
  acc6e22cbca2be6226fbddd46ce1ae8304f4f996
- SHA256
  
  a5710d566d75764e63a8669e72f21b5542c234af87a4217cf0415799cbe9c5e1
- SHA512
  
  27ce1fc0a872ec06fd8cc5ca9d8da3dda05988a887e29b14066648fb855b8977169dca0e0c585c7516359ce10321787de57a682da39eed347f1cdbd922da254e
Score

10^/10

xloader bs8f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderbs8floaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy