xloader | SWhs[.]exe

General

Target

SWhs.exe
Size

160KB
MD5

9b39457703898f689b0e92a03d3408bf
SHA1

12cfebd737b58e1d961f226e087716ff38c420d3
SHA256

163e4dd4d77797c1b788c03c0f71911d2181573bdf4f048e953563b072a234c6
SHA512

73d7983c9582b28fff9044e328d6358c27a00aa687694e695a1f52c74d2eb43cd5674af6ad8c00b54fbdaa1c54896d1d775f529244f749f18c570713c3e24fa9
SSDEEP

3072:EhhrDpv/3jb+Na8dZL9My3BhYpm16G5tKartyetVTeH+QRRnNxm4s:E3gpF9NxhEm1j5tXrYette/nF

Score

10^/10

rat pzb5 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

pzb5

Decoy

laceez-store.com

fastcobra.icu

adust.site

parcelpunk.com

dabanse.info

themacshisha.com

ketogenic-success.com

simplyrip.com

antoniolima.icu

ruyakeji.net

sysintegrados2.com

triangle-resolute.com

muratkivrak.com

ntwrkrecs.com

gtxhcntq.icu

charlottepromo.com

trygreenbar.com

abbathandhottub.com

sliim-up.com

hoteldeleauvive.com

Signatures

Xloader family
xloader
Xloader payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader

resource	yara_rule
sample	xloader

Files

SWhs.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB