xloader | 76efdfaca33c242273563237714db14e11fd3141135da17aa67992512fe895b4[.]exe

General

Target

76efdfaca33c242273563237714db14e11fd3141135da17aa67992512fe895b4.exe
Size

170KB
MD5

8d171238b58999a26609a5e2d1e8a597
SHA1

b77c521ebf56a858e426478843c5a8585ee72452
SHA256

76efdfaca33c242273563237714db14e11fd3141135da17aa67992512fe895b4
SHA512

1747a5b49736789361ed3238dee6539919d8c5c94abe22ab884c6d2193531c73e560c922cfdb3ad73cbb185d5cde742053702db376548ae85f10d03aeec62936
SSDEEP

3072:IQNUlBy0ugSppC1NdWAZKr7qwFvD7leSiazkr1JfhA5qu43JXNf8IljXS8:IQMy7C1NPKvqSvleSiazkr1vA5quWfj7

Score

10^/10

rat nekq xloader

Malware Config

Extracted

Family

xloader

Version

2.8

Campaign

nekq

Decoy

/c9oNOPSc9aX85OuoqU=

OJ273U/T/c7no1jC

oPn68XFXJsCG6JOuoqU=

iAUbpb8k0vTRkUTK

pPasgiv9XQi4ESRJKCjRfGdj

J5jO/Yz6+M7no1jC

XdhiI9HBZsZlyKZ1jPx+JvxZEg==

uKpYHaMJ+OCnb0yGJ5d4Fg==

9/aD58LBdIIAdGJIaaiSTSuqn1/A

Q52txESw1ro3n3NlouzWgmgm06DFAvFR

nv0k5OdLOI8bBbwMrO7Lp059Fw==

NJ3N6nHo3qKAhDZJKCjRfGdj

z0FFAyMlzFonbTkMu79n

IxOiRvLolOiHw2lEcphyDfqqn1/A

Pi0Kkdu8Vr84Fg==

hGmJW4f0Eelq7fRazg3f1qZr

+O+SUb0HHflx55l0J5d4Fg==

raG3zxXI4rgz6Ipsia0=

OZuQHihvYzPayG4Ax70=

EYKIJDSGpYffFZOuoqU=

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

76efdfaca33c242273563237714db14e11fd3141135da17aa67992512fe895b4.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 169KB - Virtual size: 169KB

.text
Size: 169KB - Virtual size: 169KB