xloader | 58e7dbc5680d7458eceb491b85be1356fcb33f0863f72730c6b5e7c71d627903

General

Target

58e7dbc5680d7458eceb491b85be1356fcb33f0863f72730c6b5e7c71d627903
Size

164KB
MD5

d060a87251c172dfc4467cfa5cb71a13
SHA1

0517738beb5bd820b263ae83cc75a908a9a8a679
SHA256

58e7dbc5680d7458eceb491b85be1356fcb33f0863f72730c6b5e7c71d627903
SHA512

deed33fed48fc318353387bc418723a3ed311075d61a696cf55fe5ee6ccf5554f1fdd525da3c8683c1c517ab19fb8f691440903ae0bbf39bb7f2804e05dee63b
SSDEEP

3072:bJbE21wCnWLJMahX8jnNgMQ1OkdoJ1dAO9aC:5OJlMaNWnNgMQ3+J1dZ0C

Score

10^/10

rat c0a7 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c0a7

Decoy

bhaleraodecoration.com

nicprgas.com

cosgarpivn.quest

vintagekatherine.biz

metagforce.club

corkincantorgroup.com

dothis.website

nropes.com

dpluspizza1.com

shoeloans.com

mu.network

northalabamahome.com

ironweedaudio.com

markulu.com

spencergulfpestcontrol.com

genesisgomkch.xyz

oncohelper.com

crossprime.com

onestory-book.com

viaggidafare.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58e7dbc5680d7458eceb491b85be1356fcb33f0863f72730c6b5e7c71d627903

Files

58e7dbc5680d7458eceb491b85be1356fcb33f0863f72730c6b5e7c71d627903
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB