xloader | 22fbee2a3de29f861689bc26a90a05d8411d512d56215fc787057d9d9ff5a710

General

Target

22fbee2a3de29f861689bc26a90a05d8411d512d56215fc787057d9d9ff5a710
Size

164KB
MD5

8cc6c64a0d29540dcc930b925572997e
SHA1

a6213b7fb8e196f2fc45014bc76d9d496c466950
SHA256

22fbee2a3de29f861689bc26a90a05d8411d512d56215fc787057d9d9ff5a710
SHA512

e4a7bd37a162ceac62ae121ae486b376be6a8a48945100607945e67f9dfba2218d93c007275d2562a81debc7a5340c2e851d8000dd1ba2bcb217a8a63602390f
SSDEEP

3072:CxpQn2xBrxwe5MEE6TPlgt+dZ8Zz9klE/p6ycCSIf:C806iMElrlgt+dWz7g

Score

10^/10

rat ordv xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ordv

Decoy

boliden-ab.com

internationalinsurace.com

young-shop.online

accesshaiti.online

kelloggsvideos.com

allanglessurveillance.com

valentina-gil.com

unforgettablekreations.com

freedommontesorri.com

yp890.info

nifaji.com

ocopusa.com

urbanmastic.com

andrialimran.com

scpartnersgroup.com

plumbersguild.enterprises

pepr.xyz

leysy-y-nazareno.com

listodates.com

flw.ink

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22fbee2a3de29f861689bc26a90a05d8411d512d56215fc787057d9d9ff5a710

Files

22fbee2a3de29f861689bc26a90a05d8411d512d56215fc787057d9d9ff5a710
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB