xloader | f856775311b5f946c55d9aa95fc9e2b1b179fa965af1086ec227df0fa9fed250 | Triage

Submit
Reports

Overview

overview

Static

static

P-009878 P...L.xlsx

windows7_x64

P-009878 P...L.xlsx

windows10-2004_x64

1

Sharing

General

Target

P-009878 PROJECT PROPOSAL.xlsx
Size

177KB
Sample

220705-pffrksahe6
MD5

c69c359c21740d608e1bb353f3617201
SHA1

dd076a4f5157998a66b858a69790445205814caa
SHA256

f856775311b5f946c55d9aa95fc9e2b1b179fa965af1086ec227df0fa9fed250
SHA512

d1ba49fbca0fdbd028e80eb0f5ec7ac2f1d7350a28d4a6b1b7fc77af1fde373d85ebd530155d3f67923aca2aa8cd82fc5c0bdc96e55abd57a34a432f10cf4ed6

Score

10^/10

xloader wfc6 loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

P-009878 PROJECT PROPOSAL.xlsx

Resource

win7-20220414-en

xloader wfc6 loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

P-009878 PROJECT PROPOSAL.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.9

Campaign

wfc6

Decoy

FPF0BDtsP/0Z3N3EpIfSsQ==

wZbFgKkm5jUpFbB+GQ==

I/oJ0Jcb+eoMqQ==

w7zarxxnPcIgupA=

63SbUimyWalvjfJdRb9U

igCt44uCBYeAugeiTMZW

ZHJ4C8BlAvVDAIRo

XJUEKbSv5SVkKdCoWvkuKiQ=

TDPHixX7VMIgupA=

Xt5NdBkHqXeYgHtS6Lik7Sw=

rJKZiOi3mIr7iH5dEQ==

wbheFmd7+XMkt7KALN8A2NcT+npeUP+g

xqk06+lXAT3bemE847ik7Sw=

YS7SndCMWuCAFbB+GQ==

tJ4lxa1kPUfSZ4UiujZGLCQ=

j8gSmNPGzqe6

iQORUvIx0N1glkfomjmZCzmGPbKE/A==

dlD3cvHVcUBqgNrHpIfSsQ==

Sk9cCV2WvRkavg==

70RVeKQWsgOZMyf+0g0zKyM=

ohA2+Np+OXsEkI9kEcH18SFl14w=

ST7zr+vrjluKY0044qtjpaActyK9

CXijyOBe299npm3+ozM=

tphA7dOGMwEL+E4g/LbEqA==

wZY0YPg56DPTpVAowDs=

lGgNzOJX9yWTNZJx

IukdRenq0udDAIRo

/v2eVZ/MuMJDdtCjO7pJmVRGDftzvas62w==

feXz+6MdJRoTzIc=

X1gMxLgjzQqpQh37n0qlSXq5

bvYhjGIj+eoMqQ==

JnygzOBS4RoTzIc=

aE5SgJwPjJMaX+LFadoOYaArpJmB9ps=

ZVoMNsGzYh4uFbB+GQ==

Y/h4es8mfMIgupA=

5LY/YvHhvRkavg==

X9jXctO6Rd0BHIRTCp9Asnl/h7heUP+g

d9naXx+nRMIgupA=

ZEbgr2pZMCg5Kphx

8Fhj8rA21BCbyA6tjcV5uQ==

mZAZqt/JZStIYMZdRb9U

VU1PAFiTvRkavg==

d8b+wmHKSk3UFZ5zCY95/DM=

mJKsYw+CInX2XW3+ozM=

nOcOwY8W+eoMqQ==

4tyXN3eC9m8RnZFiC7v38SFl14w=

CYB9GOdpC1YDULZdRb9U

vCtZAF6ROnP6g4JS47ik7Sw=

qn4l0rBZCNb49n1A4rik7Sw=

8jY5Oo2TMPEYScRdRb9U

uLhFDueWOXGt

cPqn2X1t8bDiAHBC4FelSXq5

RC5DCM9m6vyHvkgZtU01q04hqs5v8A==

Lg22bRP9zNJG30QOwll3qyFl14w=

9PLzES2aQZcTfVoz4bik7Sw=

LaLYmAfLUFr4ULpdRb9U

+3D9DY7joOWGGQTqmkqlSXq5

v4VAbfsSO/JDAIRo

Pkbwmo1bGvRDAIRo

bMTnAuajbyg18OfCpIfSsQ==

XqzQnn/+pQGhCdu2YRRQoCFl14w=

aWd4kIAzHy2TNZJx

mY5/lIo95Zu4Y0rXud+C8TU=

8AAvYXM4BuUB5D0q/LbEqA==

ssdunlimited.com

Targets

- Target
  
  P-009878 PROJECT PROPOSAL.xlsx
- Size
  
  177KB
- MD5
  
  c69c359c21740d608e1bb353f3617201
- SHA1
  
  dd076a4f5157998a66b858a69790445205814caa
- SHA256
  
  f856775311b5f946c55d9aa95fc9e2b1b179fa965af1086ec227df0fa9fed250
- SHA512
  
  d1ba49fbca0fdbd028e80eb0f5ec7ac2f1d7350a28d4a6b1b7fc77af1fde373d85ebd530155d3f67923aca2aa8cd82fc5c0bdc96e55abd57a34a432f10cf4ed6
Score

10^/10

xloader wfc6 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloaderwfc6loaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy