xloader | 8b5ac7f6a15aea59562e54f35ca8a614909fb2503817ac697ef6db08ec605630 | Triage

Submit
Reports

Overview

overview

Static

static

107.172.76...6a.rtf

windows7_x64

107.172.76...6a.rtf

windows10-2004_x64

1

Sharing

General

Target

107.172.76.188_-_y_-_invoice_009.doc___2cbbbd94f2f1e7f68053ab93a418f86a.dat
Size

26KB
Sample

220628-hwk8nshfa5
MD5

2cbbbd94f2f1e7f68053ab93a418f86a
SHA1

f32aa57b0d5e8a7435552e4323c8ffbce605f9f0
SHA256

8b5ac7f6a15aea59562e54f35ca8a614909fb2503817ac697ef6db08ec605630
SHA512

63cf8891bee22ff48c9a822b9dcc9bc326a225e24616bf1b394f7682ab0b99d1561828ff6062ab6d3fe772801cbeda970c1237b7e5f31b586cb96982871e20c8

Score

10^/10

xloader nn40 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

107.172.76.188_-_y_-_invoice_009.doc___2cbbbd94f2f1e7f68053ab93a418f86a.rtf

Resource

win7-20220414-en

xloader nn40 loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

107.172.76.188_-_y_-_invoice_009.doc___2cbbbd94f2f1e7f68053ab93a418f86a.rtf

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.8

Campaign

nn40

Decoy

LYAg0yANOGEAGeaFOrA/

MQWuERZplP+VZy/uszI=

CF0oDN0JimIaGy/uszI=

ltJnyC+ReohYaiTvj1qbEA==

B9OkgdctVKBAFjSUaw==

sbDVwSZVVqVB11/deow8GA==

v1gHDe0pzno=

i+/0n2vHUfGPR98k77tukZ90MQ==

SUtCnbS96Qm21g==

8X9qzyt1dpAo31jXrXfKb49fBPY=

5KlPxqHzSstuFjSUaw==

0r/Kesv/zuanroxvNQW0Gm8=

FFgS7kfPYAqpdhhgRgnBJHY=

LgusAHrkrIoWr0FWIe2o/04UXPw=

vBq9Gvxa9wbKbS/uszI=

Z+q6HAZNNeqwwQ==

wbS4fMb06SjU5Kbseow8GA==

1mZEuZvJ/m0L9bof56PkkZ90MQ==

JCJIM74lHk/o+tiFOrA/

d14FrM8rGEgIzVkT67+3XaEh

OtJqJTaZyD/bgy/uszI=

MMzqpo3pVjbaigine/p4W6dqZPJKkg==

LRS4MpnBeVxC/bqjf0kMBGop69QC

7FTxgWaTLAKbm3B0QgW0Gm8=

hjbYktAyum2JNK6N

WRtxyNlENeqwwQ==

MTOKH+0pzno=

8LkJ8EsWWHIK

zs758oMTaffAxI0bn2uqFw==

ariAXDqMsKpwF5U=

UEZOAmXFnpRh+rqD

T5e5xzlTNeqwwQ==

tp424+UDomI=

Y7VXD+I8CKVuDZQ=

zg6qeGbHO1F+FjSUaw==

JPypEB2CuDAz+bXSrjo=

8ah8cf5odcPNS+Sa

k+CGNhyOMKVuDZQ=

oVviitkD8B7ZmijeyIDFOI9nZPJKkg==

TtztqHfKKqQWuVRvT9fSSpJJmAFYLjw=

p6pvJHfZmJgx6XwYuL56b798MA==

WWmegczy4x2O+cIC27RtkZ90MQ==

/QrLiDyde3RJWRwRmWYo

PtShJAZG1WU6LP3osjo=

ZTrOf2PMho1kdm/JtSU=

A1ssC+pS8dvNS+Sa

K4g38tVda8DNS+Sa

Dz7fj13DnKh1iV8++X2H8Fbeq1jBGh4D

0AjPwNQtnWUEpDBAJbq9GG8p69QC

ALhKrIu7/5BTRf1OQAW0Gm8=

a5Zp3GrGWhzmrBYRmWYo

dwzcQzpnYYAi8G7eypfSS6d3oWmQnQ==

VR3AHfcDyG79m6bm0YnEOEBS/fQ=

pyZFKiWXNaVuDZQ=

dzf0zzBlYaqLFjSUaw==

D6TIj16hJ8JhJMom8rlxkZ90MQ==

8qkyvpp56Qm21g==

4qNmKHymVg3Bx4M=

MOiH6DRYhutyFjSUaw==

JqTDnm+zOQLV+83Ucm9GDw==

YQilIAQqUM5vFjSUaw==

84U/nbvTQwzcyQ==

mC34kB9LdeJuFjSUaw==

DKLKrbwuuWyJNK6N

thisismyhomevalue.com

Targets

- Target
  
  107.172.76.188_-_y_-_invoice_009.doc___2cbbbd94f2f1e7f68053ab93a418f86a.dat
- Size
  
  26KB
- MD5
  
  2cbbbd94f2f1e7f68053ab93a418f86a
- SHA1
  
  f32aa57b0d5e8a7435552e4323c8ffbce605f9f0
- SHA256
  
  8b5ac7f6a15aea59562e54f35ca8a614909fb2503817ac697ef6db08ec605630
- SHA512
  
  63cf8891bee22ff48c9a822b9dcc9bc326a225e24616bf1b394f7682ab0b99d1561828ff6062ab6d3fe772801cbeda970c1237b7e5f31b586cb96982871e20c8
Score

10^/10

xloader nn40 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadernn40loaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy