xloader | 0381674ddc98e53b3452e7e0a7a5a392825a5d64483d0682eac28b9262b05735 | Triage

Submit
Reports

Overview

overview

Static

static

8

RFQ#QNT 375281.xlsm

windows7_x64

RFQ#QNT 375281.xlsm

windows10-2004_x64

8

Sharing

General

Target

711258b3e03cce8f54d21d308583d262
Size

265KB
Sample

220707-f8qb2sdgdm
MD5

711258b3e03cce8f54d21d308583d262
SHA1

89e7fad64c0c02ae846b3c468206a2a1379b0d6c
SHA256

0381674ddc98e53b3452e7e0a7a5a392825a5d64483d0682eac28b9262b05735
SHA512

db635f89dd63a8dda63b80edc8fd40f20d960309521d93425319c97e1664abfffb6c4ea5519c92f7f46be9adffa99915e6debca7ac42b7bef1dac9c62fc875f9

Score

10^/10

xloader n8it loader macro rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

RFQ#QNT 375281.xlsm

Resource

win7-20220414-en

xloader n8it loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ#QNT 375281.xlsm

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

n8it

Decoy

360-nft.com

reversedwarbler.com

corefina.com

pettigestudio.com

bienvenidomiami.com

directoriobid.com

ydshine.com

xuemengyc.com

crossfitlaquila.com

strongdigits.com

goldendtatedermatology.com

onlinecryptoarbitrage.com

ziyuechloezhang.com

khaijd.com

pickleballgiant.info

shopcycles3.com

dynamicmetalbuildings.com

vandorainvestmentpartners.com

syzbf15.xyz

directbizlending.xyz

e-volutionsf.com

winnerjourney.com

informasivalid.com

impossiblemachinelearning.com

findkode.com

onlinecoursesin.com

0532sme.com

leogaeofkingdoms.com

coloradopadelclub.com

gdpyy.com

plaquepsoriasismedcareus.com

edmontonfoundationrepair.net

cybitt.com

weddingseopro.com

riosenpodo.quest

taketherubbishout00001136.xyz

doubledotts.com

foodieonline.club

xe9b5mzzqzez5t.life

sculpturen.xyz

battene.com

learniebee.com

shamesupportclock.life

tfnor.com

trickwaves.com

presumablye.com

lookloc.xyz

xyypjq.xyz

ike-design.com

de7secondenglimlach.com

signalcharlie.store

gfgoldgroup.com

weytek.com

modellinghacks.com

fimacusa.net

triplatin.com

untilfun.com

sporerindividual.com

mevst.com

vertex-modal.com

overworld.site

areowed.site

thesleepercar.com

driveubertexas.com

electrosle.xyz

Targets

- Target
  
  RFQ#QNT 375281.xlsm
- Size
  
  193KB
- MD5
  
  907680c16f4042379141cf7023a8a92d
- SHA1
  
  92464aa3afa94c38acae3aaf7a1d0a6867091ddf
- SHA256
  
  74f99e39eb7894bd8dd60d9e42c528806b7008397c779260b70c8c0c5b9d470d
- SHA512
  
  c492eef61822417815a59689e755cffbc5017993ae08d956fad93e77417ed031187813a9b361b3455ebb4ce79721e630439ac13675b1aabb61d547b5cb0449d8
Score

10^/10

xloader n8it loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader Payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadern8itloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy