xloader | 285423936c0db5af98c7471ad800b5b5d9a7f37c2549c56b9e132c20f31c6e65

General

Target

285423936c0db5af98c7471ad800b5b5d9a7f37c2549c56b9e132c20f31c6e65
Size

164KB
MD5

73330bd8e6aa706bb5c2868427c8840a
SHA1

7b2513ced0a2aff94e0bf0b8b4989e2a86c35ba9
SHA256

285423936c0db5af98c7471ad800b5b5d9a7f37c2549c56b9e132c20f31c6e65
SHA512

dc317d528a7998c25d0e8d4fcdb5e93112e82f3c0312f28a7afce645b762160464e24b45515ce49feb1d23451936a0195447da3499001010487f44dd8bed4dca
SSDEEP

3072:vIJMh2bcY+eh+uMkm+Hnuiti1aNkVrZzAUwPGGivkaH:vjA1FMkbHfti1aNS1cUwZ2NH

Score

10^/10

rat g5ei xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

g5ei

Decoy

metaab.com

samartis.store

superodyssey.com

akrx.net

heirate.xyz

redpipedown.net

dermaxhomecare.com

perfectempbiz.com

treeohk.com

lyticstnpasumo3.xyz

everybodysinteractive.com

selangyihao6.xyz

bearingsloirb.xyz

missbeautygirl.com

freelancingeu.com

whatyummy.com

perfectselfstorageaston.com

pokretsrpskesabornosti.com

ktnrape.xyz

optimicynic.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
285423936c0db5af98c7471ad800b5b5d9a7f37c2549c56b9e132c20f31c6e65

Files

285423936c0db5af98c7471ad800b5b5d9a7f37c2549c56b9e132c20f31c6e65
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB