xloader | b8ab74dd84edb28eb65b60019e3420a82747b46e1d10d016dbf74fee5edb7ecb

General

Target

b8ab74dd84edb28eb65b60019e3420a82747b46e1d10d016dbf74fee5edb7ecb
Size

163KB
MD5

75333f3547b95e8d4649b36006ca2bc2
SHA1

a3e52f934a0eabe5bd640411ea4c366e703c7890
SHA256

b8ab74dd84edb28eb65b60019e3420a82747b46e1d10d016dbf74fee5edb7ecb
SHA512

2de0d145b3e387497fec551be564b5b1d6a88eb64212947ac610a8007834a10116e08d4b4f67cec8a9d86bd9f5cdee0448506b64ea25d8ece5c6861e18814133
SSDEEP

3072:lSJ7oj6e3M9o8CCME2mYwPNUt6xR9xs2W6C0l7V:lG531MEPFPNUtIxsD6b

Score

10^/10

rat isoa xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

isoa

Decoy

stripedfox.com

westchestercountyparks.com

gevin.club

bloggersvibe.com

thisisplace.info

chillocompactpillow.com

algorithmautotransport.com

outlook-settings.com

advanswa.com

amorporlaropa.com

regionscott.com

maretta.info

newsint.store

cazino-pinup.xyz

rainbowlifecenter.com

missteya.com

nacaktgront.quest

builtkh.com

fswbjx.com

ubercuernavaca.com

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

b8ab74dd84edb28eb65b60019e3420a82747b46e1d10d016dbf74fee5edb7ecb
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB