xloader | d60e2aee80acf6346482afc2ca5f6cd7f05f4b267c601c66ba56dc9499cf170f

General

Target

d60e2aee80acf6346482afc2ca5f6cd7f05f4b267c601c66ba56dc9499cf170f
Size

164KB
MD5

ca848fccfa9bada6762f61268b1f1176
SHA1

10dcb76ccf592e58d30bb62a42aaaeb129d67df9
SHA256

d60e2aee80acf6346482afc2ca5f6cd7f05f4b267c601c66ba56dc9499cf170f
SHA512

285a77b449df15fd471885062aaf51c59fa5e5f8d02ee661b71d012718e6bc94cf3c02e9cd150faf4025f659cc7c076b9ddfd96755032b0b2b7fb66ca98f3fd2
SSDEEP

3072:oypMJ2HH5NkKD9Mz1U40Q/RGtabCO7ezYzu3fJXNJlDG:oh25BhMzyFMRGtabPezxpD

Score

10^/10

rat ght9 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ght9

Decoy

newbalanceclassic.xyz

bobbinsoutpace.online

tasmo.digital

sportax.store

yazamak.com

shopbellwether.com

erste-hilfe-online-test.com

foodroutine.com

gacliving.website

shannpromise.com

rnynorthern.com

niwarko.com

walletsvalidationconnet.com

apachejunctionhouses.com

kempsportsperformance.com

9fuytin.xyz

xn--sngubbarna-fcb.com

flipkzrtshop.xyz

launchyourplffunnel.com

usalandia.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d60e2aee80acf6346482afc2ca5f6cd7f05f4b267c601c66ba56dc9499cf170f

Files

d60e2aee80acf6346482afc2ca5f6cd7f05f4b267c601c66ba56dc9499cf170f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB