xloader | db9f80d5e21c4915236c9c0d6081975ee5bac5d92d5ef82b193378f269b42ab2 | Triage

Submit
Reports

Overview

overview

Static

static

HSBC-SWIFT...2.xlsx

windows7_x64

HSBC-SWIFT...2.xlsx

windows10-2004_x64

1

Sharing

General

Target

HSBC-SWIFT 05.07.2022.xlsx
Size

176KB
Sample

220705-pffrksahe5
MD5

e5a13d1ba130b94576402fe59bdad693
SHA1

7bfc2d69780f44d0db32eb201b80ea161291b097
SHA256

db9f80d5e21c4915236c9c0d6081975ee5bac5d92d5ef82b193378f269b42ab2
SHA512

53b34e56308248ec65e2fa94500237f97d8a6a789dcf282e8a19bc2ae48cf157648ed6662952decbce241958012020d88b16ab96699d49e6e41a68d65aea7314

Score

10^/10

xloader wfc6 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

HSBC-SWIFT 05.07.2022.xlsx

Resource

win7-20220414-en

xloader wfc6 loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

HSBC-SWIFT 05.07.2022.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.9

Campaign

wfc6

Decoy

FPF0BDtsP/0Z3N3EpIfSsQ==

wZbFgKkm5jUpFbB+GQ==

I/oJ0Jcb+eoMqQ==

w7zarxxnPcIgupA=

63SbUimyWalvjfJdRb9U

igCt44uCBYeAugeiTMZW

ZHJ4C8BlAvVDAIRo

XJUEKbSv5SVkKdCoWvkuKiQ=

TDPHixX7VMIgupA=

Xt5NdBkHqXeYgHtS6Lik7Sw=

rJKZiOi3mIr7iH5dEQ==

wbheFmd7+XMkt7KALN8A2NcT+npeUP+g

xqk06+lXAT3bemE847ik7Sw=

YS7SndCMWuCAFbB+GQ==

tJ4lxa1kPUfSZ4UiujZGLCQ=

j8gSmNPGzqe6

iQORUvIx0N1glkfomjmZCzmGPbKE/A==

dlD3cvHVcUBqgNrHpIfSsQ==

Sk9cCV2WvRkavg==

70RVeKQWsgOZMyf+0g0zKyM=

ohA2+Np+OXsEkI9kEcH18SFl14w=

ST7zr+vrjluKY0044qtjpaActyK9

CXijyOBe299npm3+ozM=

tphA7dOGMwEL+E4g/LbEqA==

wZY0YPg56DPTpVAowDs=

lGgNzOJX9yWTNZJx

IukdRenq0udDAIRo

/v2eVZ/MuMJDdtCjO7pJmVRGDftzvas62w==

feXz+6MdJRoTzIc=

X1gMxLgjzQqpQh37n0qlSXq5

bvYhjGIj+eoMqQ==

JnygzOBS4RoTzIc=

aE5SgJwPjJMaX+LFadoOYaArpJmB9ps=

ZVoMNsGzYh4uFbB+GQ==

Y/h4es8mfMIgupA=

5LY/YvHhvRkavg==

X9jXctO6Rd0BHIRTCp9Asnl/h7heUP+g

d9naXx+nRMIgupA=

ZEbgr2pZMCg5Kphx

8Fhj8rA21BCbyA6tjcV5uQ==

mZAZqt/JZStIYMZdRb9U

VU1PAFiTvRkavg==

d8b+wmHKSk3UFZ5zCY95/DM=

mJKsYw+CInX2XW3+ozM=

nOcOwY8W+eoMqQ==

4tyXN3eC9m8RnZFiC7v38SFl14w=

CYB9GOdpC1YDULZdRb9U

vCtZAF6ROnP6g4JS47ik7Sw=

qn4l0rBZCNb49n1A4rik7Sw=

8jY5Oo2TMPEYScRdRb9U

uLhFDueWOXGt

cPqn2X1t8bDiAHBC4FelSXq5

RC5DCM9m6vyHvkgZtU01q04hqs5v8A==

Lg22bRP9zNJG30QOwll3qyFl14w=

9PLzES2aQZcTfVoz4bik7Sw=

LaLYmAfLUFr4ULpdRb9U

+3D9DY7joOWGGQTqmkqlSXq5

v4VAbfsSO/JDAIRo

Pkbwmo1bGvRDAIRo

bMTnAuajbyg18OfCpIfSsQ==

XqzQnn/+pQGhCdu2YRRQoCFl14w=

aWd4kIAzHy2TNZJx

mY5/lIo95Zu4Y0rXud+C8TU=

8AAvYXM4BuUB5D0q/LbEqA==

ssdunlimited.com

Targets

- Target
  
  HSBC-SWIFT 05.07.2022.xlsx
- Size
  
  176KB
- MD5
  
  e5a13d1ba130b94576402fe59bdad693
- SHA1
  
  7bfc2d69780f44d0db32eb201b80ea161291b097
- SHA256
  
  db9f80d5e21c4915236c9c0d6081975ee5bac5d92d5ef82b193378f269b42ab2
- SHA512
  
  53b34e56308248ec65e2fa94500237f97d8a6a789dcf282e8a19bc2ae48cf157648ed6662952decbce241958012020d88b16ab96699d49e6e41a68d65aea7314
Score

10^/10

xloader wfc6 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderwfc6loaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy