xloader | 4849be6b923692f3b50e37e7ec2651f4

General

Target

4849be6b923692f3b50e37e7ec2651f4
Size

117KB
MD5

4849be6b923692f3b50e37e7ec2651f4
SHA1

19da0ac40e8c9f54de3a25bc49b30d5e1ea4343d
SHA256

000a17c2cb6739993c469ce5071d682d06c567b6f5a57293aa3bd4020217233e
SHA512

8f7a8eae3808d9f0a253656240e6fba37eb083e09a432c0ade1adcb99e8eba314c98a70dd4c2e74463de6747d3fc5d60656b663c05bb3591704d4f7ff2a7a9e5
SSDEEP

3072:iD21HXFIBlm1UQ/w9i22T6JsbCCyR/esS:h1HXFIT4tAODyZesS

Score

10^/10

rat bfup xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

bfup

Decoy

highjumpgames.com

cosmebe-live.com

securebaklogin.com

myvirtualleverage.com

multiserviciosadonai.info

schooling.services

katrinacochranauthor.com

top-dex2.com

doorohc.com

balancedprofitability.com

expressionmusicschool.com

shelleyillmensee.com

rpuvi.com

gi-dep.com

brendparfum.com

sexytru.com

adtradersmedia.com

extendedsecurityservices.com

specialoy.com

g-grid.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/bin.exe	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin.exe

Files

4849be6b923692f3b50e37e7ec2651f4
.zip
bin.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB