xloader | 7f57d11febc63dbe6fcfaad2872ea6b6

General

Target

7f57d11febc63dbe6fcfaad2872ea6b6
Size

160KB
MD5

7f57d11febc63dbe6fcfaad2872ea6b6
SHA1

c91f3284e1a76d7a36a266b2627d92dca245a911
SHA256

19a3a92c51c1399b86f2442ac5be3c0f3bf7dc22e7868c3cb1bf66b5bd072436
SHA512

22b62cda51670bd2ca6eaef794b5b9fc4441a58ebff89ac79c809a6f4c2421842b5eb50fa8331dbf7f07f51bb88ad7eaef6b404dee4ed74d495c5f9529dfe1df
SSDEEP

3072:+SuBxsX16kapGaG1HozNavECow5csBDMaOYtv9yGqZAf7Hi8X2IhMVGlAs06:+SAs+mBozcNowcMpOYtl/qqDHi8XXhWP

Score

10^/10

rat ig04 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ig04

Decoy

kd8833.com

gpjsce4kdj2x7.net

guntersgames.com

isolutioau.com

gddzwz.com

cypressconstructllc.com

anahitaanimalcarecenter.com

pianolessonscrescentavalley.com

carnivalofcrazies.net

awfnet.com

dynamiclegacyapparel.com

thewarrantyproviders.com

feiruma.com

petrichorapparel.com

tq-iot.com

immopartner-mallorca.com

sabinepallier.com

ffhsy.com

sa17q.art

parquetryreclaimed.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f57d11febc63dbe6fcfaad2872ea6b6

Files

7f57d11febc63dbe6fcfaad2872ea6b6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB