xloader | 693588afd578c7d4de976f11a0127fb86e20d3c6f188a136b09ddc96c67fc3ca

General

Target

693588afd578c7d4de976f11a0127fb86e20d3c6f188a136b09ddc96c67fc3ca
Size

210KB
MD5

fec5c5d68dc43e4e1fbb6f17bdf4d78b
SHA1

8979ed5dc7547e8f2bc3b26201d71c7a69b4b187
SHA256

693588afd578c7d4de976f11a0127fb86e20d3c6f188a136b09ddc96c67fc3ca
SHA512

57c07e581f06329bae47a3cababb3639d6d524d2ece2900eb4f6b29b353a7f6f0e9df005c700a05d92566ec37104dc83e520e2285e9936d254f97ca090fd3a95
SSDEEP

3072:KJpOs2eiW/90iMvuwSm/0OtEh/1RPXHiVoyVCPiPJcBP0wnmyG1HrkFGNWjy:0O5WHMvhF/0OtEhtFsVC6Pk1nm0sEy

Score

10^/10

rat quc5 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

quc5

Decoy

writerpilotpublishing.com

journeywands.com

madacambo.com

boreslirealestate.com

drillshear.com

urbanmastic.com

focalbunk.com

ghpgroupinc.xyz

rfgmhnvf.com

241mk.com

mandolinzen.com

thenorthstarbets.com

oggperformancehorses.com

webuywholesalerhouses.com

cinreyyy.com

theyoungwedding.com

neuro-ai-web-ru.digital

zavienniky.xyz

kin-school.com

lowratepersonalloans.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
693588afd578c7d4de976f11a0127fb86e20d3c6f188a136b09ddc96c67fc3ca

Files

693588afd578c7d4de976f11a0127fb86e20d3c6f188a136b09ddc96c67fc3ca
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB