xloader | 719ac8462a554ec46d13e7c3b33c39248d546da6e9618edec381656472814352 | Triage

Submit
Reports

Overview

overview

Static

static

Berthing.xlsx

windows7_x64

Berthing.xlsx

windows10-2004_x64

1

Sharing

General

Target

Berthing.xlsx
Size

131KB
Sample

220511-kybhcsgbh9
MD5

95b1b15c87f5d6daba1c72e6514a9fc1
SHA1

4f05f44baf5d8d3e31dc050c79f1d8703c82e0be
SHA256

719ac8462a554ec46d13e7c3b33c39248d546da6e9618edec381656472814352
SHA512

bf1f39e08e3baeabc034145b9ec04b56787ee80d9c408d89368b88f6e0a5508e94d3921e1887efd47988f8e0d275530c854095d4d19861221a9cc939776afad4

Score

10^/10

xloader bs8f loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

Berthing.xlsx

Resource

win7-20220414-en

xloader bs8f loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Berthing.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bs8f

Decoy

atmospheraglobal.com

dontshootima.com

bestofferusde.club

yourdigitalboss.com

breskizci.com

myarrovacoastwebsite.com

reasclerk.com

efrovida.com

wsmz.net

upneett.com

loefflerforgov.com

noida.info

trndystore.com

arhaldar.online

vivibanca.tech

mykrema.com

vseserialy.online

ridgewayinsua.com

heauxland.com

bestcollegecourses.com

scent-kart.xyz

handyman-prime.com

wrightpurpose.com

hellounio.com

wealthy-link-erp.com

josegal.com

texasdominionrealty.com

hespresso.net

dreamonetnpasumo5.xyz

videosmind.com

abbawaalema.quest

esmtoluca.com

2382108759.com

akbastionoffilamentousfungi.com

electramanpower.com

siguealpanda.com

alquilerfurgon.com

3-little-pigs.com

esolutions4u.com

thatgolfer.com

biom4rk.com

paramusapartments.com

mothergadgets.com

ktnreport.xyz

amxdrivers.com

buymyhomeallcash.com

lifeisthere.com

nous-citoyens.com

destimarketing.com

lawinepro.com

littlenorwayfarmhouse.com

realworldgb488.rest

qualinorm.com

capitaltechcorp.com

familybeautifull.com

continentaldeal.com

scratchforce.com

veganbreathing.com

hickoryfalls-pm.com

pascal-rocha.com

20kretirementplan.biz

lehome.store

hellanatural.com

hnythao.com

gnizdo.online

Targets

- Target
  
  Berthing.xlsx
- Size
  
  131KB
- MD5
  
  95b1b15c87f5d6daba1c72e6514a9fc1
- SHA1
  
  4f05f44baf5d8d3e31dc050c79f1d8703c82e0be
- SHA256
  
  719ac8462a554ec46d13e7c3b33c39248d546da6e9618edec381656472814352
- SHA512
  
  bf1f39e08e3baeabc034145b9ec04b56787ee80d9c408d89368b88f6e0a5508e94d3921e1887efd47988f8e0d275530c854095d4d19861221a9cc939776afad4
Score

10^/10

xloader bs8f loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderbs8floaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy