xloader | ecd1f01723f52279895587b09ea976337eec2decd700b02d70edd708ca6a857c

General

Target

ecd1f01723f52279895587b09ea976337eec2decd700b02d70edd708ca6a857c
Size

164KB
MD5

794d98c16c6f12a16b177e5a7b013021
SHA1

df951fc374d7408fbc6eb6390a6ad2dfabcacdb0
SHA256

ecd1f01723f52279895587b09ea976337eec2decd700b02d70edd708ca6a857c
SHA512

667df4a8504c25f17db8e93512104d29f5431a0505ce69c0bf199f4e2b3ea3207694a037c6202d3a8a9b03f5bc3bb46bb0250f217f40c258a17551bfafedef0e
SSDEEP

3072:SJgT32vJsLmol4M+7bt10H9JdBLz3DHmtvw9A7L2R/SUY0T9:hTWuiM+H30H9JdBL/eveAn2RHY0T

Score

10^/10

rat p89m xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p89m

Decoy

wrapapplausechutney.xyz

covidmobiletestingmd.com

convey.gifts

b148tlrfee9evtvorgm5947.com

zmlhtjfls.com

mctrumpthyism.com

lilaixi.store

interstatehardwarenj.com

horakokode.com

42wilsonavenue.com

muskanphysio.com

absoluteuniquecrafts.store

donategame.online

greenlinkengineering.net

pinchanzosloyalty.com

companyintel.network

resumewriterguru.com

oakalleyatcimarron.com

sriyawealthplan.com

mpcollection.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecd1f01723f52279895587b09ea976337eec2decd700b02d70edd708ca6a857c

Files

ecd1f01723f52279895587b09ea976337eec2decd700b02d70edd708ca6a857c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB