xloader | 4c08e19cc5df70fe44f68663be0b45a421537e28c4e23aec7b42b0a386291c63

General

Target

4c08e19cc5df70fe44f68663be0b45a421537e28c4e23aec7b42b0a386291c63
Size

164KB
MD5

81deb46bb491ac34c3e66756d2b18848
SHA1

8f9b35b29a6887e91f29d58dc3dd31c94cc1a006
SHA256

4c08e19cc5df70fe44f68663be0b45a421537e28c4e23aec7b42b0a386291c63
SHA512

0adbfd2c998d2a47a0c7021d2f8baf3f5f84e43b1c7b53e1dc6d9258aac08078fc00ab60221f341f5dadbf1424c0c0c72cb537557d30f31e8e5a48c64256245b
SSDEEP

3072:LBi7vyKGyDTFIuoE+923NT5CKzROWtX77Vrm+Edsdy1Ik:krdjoEiip5CgOWtX778xKdCI

Score

10^/10

rat cna8 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cna8

Decoy

exceptionalhospital.com

agshorizon.com

sabaisurfing.com

kathrynprosser.com

news-roma.com

lareinadelosalisados.com

iregretnotcomingupwithit.com

dreamwrldrp.com

brickhallschool-ng.com

exgobal.com

ojcllc.com

pineviewsunrise.com

ru-joking.com

theparkplasticsurgery.com

mouthsecond.today

princessmasksandapparel.com

onlinedavetiyecim.com

animegirls.xyz

heicat.club

brazillianallstars.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c08e19cc5df70fe44f68663be0b45a421537e28c4e23aec7b42b0a386291c63

Files

4c08e19cc5df70fe44f68663be0b45a421537e28c4e23aec7b42b0a386291c63
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB