xloader | bin[.]bin

General

Target

bin.bin
Size

171KB
MD5

2821409ae2e6fdadc89741873bdf54c6
SHA1

690a3626139962c86e5b7f20e8c16a8b260ff77c
SHA256

5ec485835a8f8a06a50a0bd507fb2a6e6665b60cd74a93b6c4b18ef7525c80cb
SHA512

5ceda5509c52851b2f26a4cc2533aa8170a6818127ff8a63f8c9fd71c9823f9b18917bcb3f651cac71dcfbe392b50f0df942c933a69f1e9df5ec99e017032ab3
SSDEEP

3072:1ZWTfxoX0xO9QwzosWeksI9UAtEVbsTbZuuiVhRv4x+9q55uTqLFHQ/b:1ZiWX8AzoVsIKJCbZuuiVXUAq55TL+j

Score

10^/10

rat tpix xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

tpix

Decoy

jsbbfp2p.com

bioindonbest.com

shjgswkj.com

melaninexperience.com

businessbancomat.com

kaatsu-chiro-studio.com

simplybans.com

ncdm.xyz

assistedlivingabuse.com

stacykinglc.com

oklahomahomesbytamara.net

magneticcompany.com

forwardinchristmagazine.com

tomasarkar.com

atterwet.xyz

day70.com

charlysstore.com

homestartuganda.com

alternative-nursing.com

novamateria-vida.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

bin.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB