xloader | dcfc0d21809cf35594dcaa248fa00907c47efe04df346049d4972c380854aa56 | Triage

Submit
Reports

Overview

overview

Static

static

New Produc...2.xlsx

windows7_x64

New Produc...2.xlsx

windows10-2004_x64

1

Sharing

General

Target

New Products Inquiry 300522.xlsx
Size

136KB
Sample

220530-qgvgssgbf9
MD5

676846d78e0b595abea9a8bc027a2998
SHA1

52e3403b5bcb44fe78fc22746f9835efbc02b415
SHA256

dcfc0d21809cf35594dcaa248fa00907c47efe04df346049d4972c380854aa56
SHA512

83e46688840b98ea65c514d38fb13dbebc9a7ab5d342d6f297f983aa63474e0923c7828d2f1a53614335eda73846fddfec0e69a08d9d22cd3136ea6491e0784d

Score

10^/10

xloader be4o loader persistence rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

New Products Inquiry 300522.xlsx

Resource

win7-20220414-en

xloader be4o loader persistence rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Products Inquiry 300522.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

be4o

Decoy

laboratoriobioixcha.com

tictocperushop.online

wild-oceans.com

belaruscountry.com

kicktmall.com

fitcoinweb.tech

mores.one

gogear.one

gxrcksy.com

samrcq.com

impossible-icecream.com

bravesxx.com

bookchainart.com

sleepsolutionsofmboro.com

ocbrazilbusinessclub.com

advisor76.xyz

xitaotech.com

mgsdtytifgf3414.xyz

johnson-brown.net

cr3drt.com

virtualtourpro.store

transporteriocristal.com

fjbingjiang.com

minecraftrojectx.site

ttrcb.com

sexlarab.com

cxzczc2.online

doorsmm.com

weisbergiegal.com

skythinks.com

schoolsuperaty.com

swampbucketkids.com

networklogicsa.com

businessevs.com

gulfcoastclinicchiro.com

milliards.xyz

moviesquery.com

cycletostack.com

c0wkvo.com

inkingthings.net

cookvillecampgroundvt.com

rajeshprinters.com

binge-bane.biz

ginger9632-voice.cloud

1nfo-post.com

unta.xyz

liuhumu.com

khandaia.info

ha01qnscvts0l.xyz

liert.site

allflowmedia.com

6ibnuj9t.xyz

embravewise.com

responsabilities.com

apexges.com

ola-speechtherapy.com

pristinefarmlands.com

adaraateristiayote.store

journeyhomemeditation.com

96238.top

nosipokip.site

itt-service.com

bw590jumpb.xyz

relieveyourdog.com

qiyeweiiliaoo0428.com

Targets

- Target
  
  New Products Inquiry 300522.xlsx
- Size
  
  136KB
- MD5
  
  676846d78e0b595abea9a8bc027a2998
- SHA1
  
  52e3403b5bcb44fe78fc22746f9835efbc02b415
- SHA256
  
  dcfc0d21809cf35594dcaa248fa00907c47efe04df346049d4972c380854aa56
- SHA512
  
  83e46688840b98ea65c514d38fb13dbebc9a7ab5d342d6f297f983aa63474e0923c7828d2f1a53614335eda73846fddfec0e69a08d9d22cd3136ea6491e0784d
Score

10^/10

xloader be4o loader persistence rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderbe4oloaderpersistenceratsuricata

behavioral2

© 2018-2024

Terms | Privacy