xloader | 779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e

General

Target

779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e
Size

163KB
MD5

38fb98517edff35bc6464043424aa83f
SHA1

6c193d4b1263bbfdd553a639b9db620bb3cd8d3d
SHA256

779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e
SHA512

8770179978452daad99fccd768b515247eb3eb5ca93b90f271bbdb0bb149929ccefc12c30a5c5197c1a555478bc0714f8284f9049364e5e1167aa0ff439212be
SSDEEP

3072:trJfxvjF/sxC5Lby63kMNHHxG8HdNlkgDys4Ytc4v94Nzdq:tVxaGZUMNnk8HdNlkgWs4YLU

Score

10^/10

rat he43 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

he43

Decoy

medianrealestate.com

donewrightonline.com

shawtopia.com

inmobiliariajlf.com

bullion-store.com

sunkissedjourneys.com

tatou-fashion.com

fruitdoughnuts.com

yingshe.xyz

2021psds.com

adamsonsystem.com

kfordvoiceactor.com

visionries.com

mithwill.com

carolinasbestroofers.com

happy-bihada.xyz

rvparkofdublin.com

joaocapinha.com

tenthplanetjj.com

finishwrightllc.com

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB