xloader | 24359ee1991a1715bd95ee2920c9984e_JaffaCakes118

General

Target

24359ee1991a1715bd95ee2920c9984e_JaffaCakes118
Size

164KB
MD5

24359ee1991a1715bd95ee2920c9984e
SHA1

96bcc9cda0bff12f614422af756bba7919c2acc9
SHA256

4bb96dffcc0b4cba1f4ee2ed04e32d724e486c88b0e8492b3e5efb1ec0928c0e
SHA512

4ea47a99d1d1de7b7b8a15037aeae281b8d544aeb13d3eade1f3e5e78a5518a8d0a79285da9dd52b92268625d02a4cb404cb6ba9ef85a9aa070fc235b04615d4
SSDEEP

3072:W7psS2npp9ymO/pw4imY0bXkN6edhTOYEUvCJ6Trad+:Wu/emIpwdrTN6edhSYdg6fR

Score

10^/10

rat c8te xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c8te

Decoy

solendshop.com

petanimals2021.com

infullylucky.com

advisormarketing.online

hgfdsx.com

bjshsq.com

43454255.xyz

newsexpressed.com

tenacityshipping.com

y-promotion.com

saltypigeon.com

acemodule.com

satisfaction-spa.com

evertownnyc.com

orgoheart.com

bankerszonemock.com

conveniente-prestamo.com

suprememodelmanagement.com

ego-designteam.com

mecanicotijuana.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24359ee1991a1715bd95ee2920c9984e_JaffaCakes118

Files

24359ee1991a1715bd95ee2920c9984e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB