xloader | 392287a24e917681eb8e8f7d82da81dc_JaffaCakes118

General

Target

392287a24e917681eb8e8f7d82da81dc_JaffaCakes118
Size

161KB
MD5

392287a24e917681eb8e8f7d82da81dc
SHA1

6a55e317286d3f811ac202c01ea78d38afa5ec1d
SHA256

e416ee852d5b60f138ff40f82b52a6018fd9923b5daf2197cee01f23bba885c9
SHA512

f0e0f96c13120e9ad5d808e27f260813dead9c7436ee60be8c5c810ec1f10bbb3752e351b1e55610090de70bac9e3136ca594aacdc7b9274f54f0e0b00b2f980
SSDEEP

3072:UtBj56f64TnDXoMJHTPJysbAIOctvoKgDpMlLJVcPTd+Ape8:kL2zoMtzAsb7OctvovNMdJ2PTd+A/

Score

10^/10

rat h85m xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

h85m

Decoy

billscoins.net

michkenot.com

vezertalalkozo.com

larguetonmec.com

ifybomb.net

flycomputers.com

ableveg.com

mtpublicadjusting.com

merkabahindustries.com

hilalcambalkon.com

seanses.com

camasirmakinesiservisi.net

thebigoworld.com

buscatijones.com

walkingodslight.com

camp-camp.info

fbjelonic.com

mooch-monster.com

numbergen.net

amazonin.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
392287a24e917681eb8e8f7d82da81dc_JaffaCakes118

Files

392287a24e917681eb8e8f7d82da81dc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB