xloader | 4ef90b24b4674cd6914181ff64e47d9a31069412cb41ffb60dfcf1c0f491dd74

General

Target

4ef90b24b4674cd6914181ff64e47d9a31069412cb41ffb60dfcf1c0f491dd74
Size

164KB
MD5

a73bd7a7d57c7132fab130836c4e1bf3
SHA1

be5a57900b99030c1edda051f47ac7b71d5a4402
SHA256

4ef90b24b4674cd6914181ff64e47d9a31069412cb41ffb60dfcf1c0f491dd74
SHA512

6470654f2dcf22bcbf38d293f08545de4660ea2f66dc180523c5b2ebf1e664b2f93756b62f665c3d30f923eb0efcc4f5025bb7f27bd2d4420fda3128238ba20a
SSDEEP

3072:fYdJcDSGFUXHZXG/+wsaE8HV6mIJpLTw5h87lhYHkwA3ZtaYvIN:fYMYpW/zJZHEm2pLUh87lPX7aq

Score

10^/10

rat ahc8 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahc8

Decoy

192451.com

wwwripostes.net

sirikhalsalaw.com

bitterbaybay.com

stella-scrubs.com

almanecermezcal.com

goodgood.online

translate-now.online

sincerefilm.com

quadrantforensics.com

johnfrenchart.com

plick-click.com

alnileen.com

tghi.xyz

172711.com

maymakita.com

punnyaseva.com

ukash-online.com

sho-yururi-blog.com

hebergement-solidaire.com

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

4ef90b24b4674cd6914181ff64e47d9a31069412cb41ffb60dfcf1c0f491dd74
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 159KB

.text
Size: 159KB - Virtual size: 159KB