xloader | c8205c3951b61fb4bc8f6777073cfd3546982746d6dd5801a6ec39c447c9d4db | Triage

Submit
Reports

Overview

overview

Static

static

INQUIRY-19052022.xlsx

windows7_x64

INQUIRY-19052022.xlsx

windows10-2004_x64

1

Sharing

General

Target

INQUIRY-19052022.xlsx
Size

223KB
Sample

220519-qsc2wsafbk
MD5

c5c836b9e1b1fe4f0fde289fec3259e6
SHA1

bc7e32fd06cb184cd22750be32541e266410a10e
SHA256

c8205c3951b61fb4bc8f6777073cfd3546982746d6dd5801a6ec39c447c9d4db
SHA512

7f980116962422c739355a9bacff76b5887d4703225abcbcc9c07fdf019b5ec9f58def668b6edb3f2feda889874afa4f2d94306165e6c88218f2ec38271b632a

Score

10^/10

xloader be4o loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

INQUIRY-19052022.xlsx

Resource

win7-20220414-en

xloader be4o loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INQUIRY-19052022.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

be4o

Decoy

laboratoriobioixcha.com

tictocperushop.online

wild-oceans.com

belaruscountry.com

kicktmall.com

fitcoinweb.tech

mores.one

gogear.one

gxrcksy.com

samrcq.com

impossible-icecream.com

bravesxx.com

bookchainart.com

sleepsolutionsofmboro.com

ocbrazilbusinessclub.com

advisor76.xyz

xitaotech.com

mgsdtytifgf3414.xyz

johnson-brown.net

cr3drt.com

virtualtourpro.store

transporteriocristal.com

fjbingjiang.com

minecraftrojectx.site

ttrcb.com

sexlarab.com

cxzczc2.online

doorsmm.com

weisbergiegal.com

skythinks.com

schoolsuperaty.com

swampbucketkids.com

networklogicsa.com

businessevs.com

gulfcoastclinicchiro.com

milliards.xyz

moviesquery.com

cycletostack.com

c0wkvo.com

inkingthings.net

cookvillecampgroundvt.com

rajeshprinters.com

binge-bane.biz

ginger9632-voice.cloud

1nfo-post.com

unta.xyz

liuhumu.com

khandaia.info

ha01qnscvts0l.xyz

liert.site

allflowmedia.com

6ibnuj9t.xyz

embravewise.com

responsabilities.com

apexges.com

ola-speechtherapy.com

pristinefarmlands.com

adaraateristiayote.store

journeyhomemeditation.com

96238.top

nosipokip.site

itt-service.com

bw590jumpb.xyz

relieveyourdog.com

qiyeweiiliaoo0428.com

Targets

- Target
  
  INQUIRY-19052022.xlsx
- Size
  
  223KB
- MD5
  
  c5c836b9e1b1fe4f0fde289fec3259e6
- SHA1
  
  bc7e32fd06cb184cd22750be32541e266410a10e
- SHA256
  
  c8205c3951b61fb4bc8f6777073cfd3546982746d6dd5801a6ec39c447c9d4db
- SHA512
  
  7f980116962422c739355a9bacff76b5887d4703225abcbcc9c07fdf019b5ec9f58def668b6edb3f2feda889874afa4f2d94306165e6c88218f2ec38271b632a
Score

10^/10

xloader be4o loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderbe4oloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy