xloader | 97f22b3fd2fa6b95d33a37302cf935d7c67ee419d3acf7a7d8f2bcae09c42543 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ LIST UPDATE.xlsx

windows7_x64

RFQ LIST UPDATE.xlsx

windows10-2004_x64

1

Sharing

General

Target

ff0ca26fa608a5aa95817cd3cf48f963
Size

243KB
Sample

220707-f94aasgae3
MD5

ff0ca26fa608a5aa95817cd3cf48f963
SHA1

a93367ecac997c7d98963f75ef3a46978cf88ba9
SHA256

97f22b3fd2fa6b95d33a37302cf935d7c67ee419d3acf7a7d8f2bcae09c42543
SHA512

36811b75f4eaf9b0c05d1c55959931a02df4cc6951c6a07ffe25a63e8b9f4704175bf37bde1df7f4241d8973f3a173ddca0c417862bbfd55e172f9d4948ffdbd

Score

10^/10

xloader sk8m loader rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

RFQ LIST UPDATE.xlsx

Resource

win7-20220414-en

xloader sk8m loader rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ LIST UPDATE.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sk8m

Decoy

cruisinforabluesin.net

elkntordo.quest

mtmoriginal.com

arespermire.quest

maisoulcolor.com

thegreekfarmerstaverna.com

midlife-fitness.com

uniquelyjessica.com

everybunnyeverybirdy.net

tryafaq.com

aandreashopp.com

selfyou.store

healthtradeusa.com

visiency.com

rainbowshopscom.com

raj-spostitve.com

jupiterflightband.com

haigui.ltd

theparentharbour.com

themutualfriend.com

nobodybutgod.com

seabreezewindowsanddoors.com

steam-whistle.xyz

xlg777.top

glazeind.com

onlinefreetestseries.com

aideritehealth.com

jan-lead.com

farmlimit.com

todofracciones.com

deluxeagent.club

greaterhartfordeats.com

sedyxim.xyz

loontproject.com

drsharonslanguageclasses.mobi

orkadoodle.com

raqsglobal.com

uniquepdglobal.com

niagarachair.com

hostageujkptp.xyz

tastemon.com

ywankm.com

rip-online.com

bousui.club

binges66v.com

superspeedshops.com

b148twpnmu5uvtvnvfk5916.com

myq816oyoukrf9winwyqsw.xyz

shoppernft.com

alexandra-coachingmarketing.com

goohosted.online

shalomroofing.net

y-s-charm.com

lagovistaestates.com

luxuryshopi.com

bekoopverzak.quest

sh10000.store

bama-blues.com

clearviewdirect.net

lotsofcoingifts.com

kcdaikuan.com

cryptopsales.com

meducators.net

oneworldeg.net

snowwisdom.com

Targets

- Target
  
  RFQ LIST UPDATE.xlsx
- Size
  
  176KB
- MD5
  
  487d48d782cec7bd71c3e772f8c97f63
- SHA1
  
  6f5f1d3b219116ee88872fa2d7ac68aa8631f39d
- SHA256
  
  fa64f2d2bdcd2e53e47f3573baf59d4e454b4b01d11502ef752c174135b85878
- SHA512
  
  a803bc7b32ff4fd745619cc8854d263e331f8e358ebbb67d15bf5d9e949d41700cb5a415953e2b025ebe03e4d423388df19aa8457218ff0653434229041a86fc
Score

10^/10

xloader sk8m loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xloadersk8mloaderratsuricata

behavioral2

© 2018-2024

Terms | Privacy