xloader | 9bc501537fd79ff835704744c4d7567f95c181a1a7933fb1306324c606ec85d5

General

Target

9bc501537fd79ff835704744c4d7567f95c181a1a7933fb1306324c606ec85d5
Size

164KB
MD5

a8b5df49af78623d3292bf792d3827f3
SHA1

a9e59f72dd075d6706a9deaf9225f77d524bbd0f
SHA256

9bc501537fd79ff835704744c4d7567f95c181a1a7933fb1306324c606ec85d5
SHA512

2c1207b89da3cd209326808414e31a20a60542eab1a8cb613b55976e77623ad084dc5fe1005db65b9eb312a8322e4c7d8a6184e9c3b2cc0df256d34db9efb390
SSDEEP

3072:rFJ7Ljw4SBF3VTWM25tNkutVSkJB3r34VTrxaVm4c4B5g:rDonKM2j6utQkJBIrz4B5g

Score

10^/10

rat ubar xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ubar

Decoy

momsontubegalore.com

tommyventura.com

abdvincimusic.com

anses-cobros.digital

nu865ci.com

gpulli.com

fgseo.tech

51elight.com

globalpetdeliveries.com

homeofthepillows.com

vidtribs.com

ariawebsites.com

ecocurewellness.com

atlantachallengeseries.com

allabouttnrealty.com

chancerivers.com

healingskintosoul.com

frankmatlock.com

jznclv.com

analisedeconstrucao.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bc501537fd79ff835704744c4d7567f95c181a1a7933fb1306324c606ec85d5

Files

9bc501537fd79ff835704744c4d7567f95c181a1a7933fb1306324c606ec85d5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB