xloader | bc8c6864364e0206701504077c2cf8303d8c9b1a122a15b9eabd79e35282fa7b

General

Target

bc8c6864364e0206701504077c2cf8303d8c9b1a122a15b9eabd79e35282fa7b
Size

164KB
MD5

7db245d6a00c30852e7b90cef5fd9092
SHA1

5fa6939ae6962ff68d9c4d4550d4bb6b90647271
SHA256

bc8c6864364e0206701504077c2cf8303d8c9b1a122a15b9eabd79e35282fa7b
SHA512

571d68ff130df368aff16f2651dc8b0c4d4160b64b32d5ce7cc335490d30988d1f74cab2820a6f4c65bfe64bfa6d9c4055f42a069d9bdf957f1d749fdc5120dc
SSDEEP

3072:eJpEo2pOQR2LA/JwM23Gy6ptjGxWRW79oCL6aoKy:EEFsGKM2W5ptjGARV

Score

10^/10

rat gjqa xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gjqa

Decoy

nutritioustooth.com

ultimatetrainingarea.com

heyeasygift.com

kennethareas.com

masaru471002.com

lordsoflux.com

fundamentalglobal.store

zonesoftwarepartners.com

nobi.group

hebronhvac.com

remodelacionesenbogota.com

stellarjservices.com

xrzthd.com

601loganwaydrive.com

kinohadoma.pro

808gang.net

objetivofit.com

devasuryan.com

gosbs-c01.com

sealells.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc8c6864364e0206701504077c2cf8303d8c9b1a122a15b9eabd79e35282fa7b

Files

bc8c6864364e0206701504077c2cf8303d8c9b1a122a15b9eabd79e35282fa7b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB