xloader

General

Target

sample catalog2022.xlsx
Size

150KB
Sample

220708-qvnamsfaa8
MD5

d023bbd88318f953625c00335d3bb2ca
SHA1

cf31252435f2da2c907fc06cfa7166e7b5561b09
SHA256

fe992d5f32cefe42e11076d5da2cc065de03d199600fd8d230c798a4281466c1
SHA512

2656a5040821933ab1bb473128311126dccf2455110fba5b733e88b3cab45327c9d877c50a31b45da1c54c91c8422af2e159af97a65ecaf5b0fb2e20fe4a87a3

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

vweq

Decoy

malang-media.com

mrsfence.com

lubetops.com

aitimedia.net

montecryptocapital.com

ahwmedia.com

bvmnc.site

bggearstore.com

bcsantacoloma.online

alltimephotography.com

santacruz-roofings.com

leaplifestyleenterprises.com

censovet.com

similkameenfarms.com

undisclosed.email

thetrinityco.com

rapiturs.com

jedlersdorf.info

mh7jk12e.xyz

flygurlblogwordpress.com

Targets

- Target
  
  sample catalog2022.xlsx
- Size
  
  150KB
- MD5
  
  d023bbd88318f953625c00335d3bb2ca
- SHA1
  
  cf31252435f2da2c907fc06cfa7166e7b5561b09
- SHA256
  
  fe992d5f32cefe42e11076d5da2cc065de03d199600fd8d230c798a4281466c1
- SHA512
  
  2656a5040821933ab1bb473128311126dccf2455110fba5b733e88b3cab45327c9d877c50a31b45da1c54c91c8422af2e159af97a65ecaf5b0fb2e20fe4a87a3
Score

10^/10

xloader vweq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  decrypted
- Size
  
  144KB
- MD5
  
  f242855ee5e1524b5ad48f23b1358977
- SHA1
  
  605c0f50b0ee48cbca489e0e6afe8d57ac2fea9b
- SHA256
  
  f7513cb11ab947eff5d5cc7d6e07ac07ab6f7199898fbf4af6aeeabcef6ab966
- SHA512
  
  45761922f566a211636a61a3b68df5d6c9df3ff905aad1a9e965d7aeffe2eca88b37147f71d357915fed00337ad82b9a03b3e6fa358e0d193643d7dcac5c8a52
Score

10^/10

xloader vweq loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Xloader payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4