xloader | 3edab742079945e0c1f82cb389c48406bb46188fdc0fd53c24526cc802ddc1b9

General

Target

3edab742079945e0c1f82cb389c48406bb46188fdc0fd53c24526cc802ddc1b9
Size

164KB
MD5

0d5e53796965854c4d0f3b9f7408f4dc
SHA1

62de4000e914975a41837829c6c1b8be2883f33e
SHA256

3edab742079945e0c1f82cb389c48406bb46188fdc0fd53c24526cc802ddc1b9
SHA512

6ec4e852e9d4d24cc54ce11be16023ac012e18fe100922c8a904ae27af565c633a3318878e7044013ab5778a692d6480f9da63283859402a720e467b95484297
SSDEEP

3072:n4ppbC2Q2yvfzWbdMKa5z/gfvtT4bxKKEdbtk5y0itDI:nix7hMKcLGtT4bwkM0it

Score

10^/10

rat rhen xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rhen

Decoy

transparenciacirurgica.xyz

martinyaleafrica.com

tshop-dz.store

carte-grise-vehicule.net

diazblanco.xyz

sellwithjaycombs.com

chickytattwo.com

pettyuniversity.net

northstarbets.com

robertatoschi.com

ignumhnk.quest

hydrakitten.com

hyperpinealism.info

deadwoodsportsbets.com

workhardriseabove.com

thestogiestore.com

subconsciousgod.com

furiousdubai.com

chauffeureddriven.com

cabinetfuid.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3edab742079945e0c1f82cb389c48406bb46188fdc0fd53c24526cc802ddc1b9

Files

3edab742079945e0c1f82cb389c48406bb46188fdc0fd53c24526cc802ddc1b9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB