xloader | d13e9ca493fc2125b27d9850ebc7e595648ef887f58926744892431a17c75da8

General

Target

d13e9ca493fc2125b27d9850ebc7e595648ef887f58926744892431a17c75da8
Size

164KB
MD5

ab462af07bcd56c6e3efb42269076af5
SHA1

4f4403ace4b6ab5cf97374da2b015089e7f0ed01
SHA256

d13e9ca493fc2125b27d9850ebc7e595648ef887f58926744892431a17c75da8
SHA512

5eea299bbcf1d89f6dffa327f786b5ec70a59e4c230d0fc66fdb311f667ed293043b2d4b16a2f2dc191f28b247c06d8a22b36a41c0542683602b76749f9016a1
SSDEEP

3072:CTpsE2QyWoE/rsNOMea3QFYdbzf8nE/qvntrP86Zt8vjCL1XC:CaEbs8MeSIYd/fWEa9PN8gXC

Score

10^/10

rat afj0 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

afj0

Decoy

casadelimaperu.com

allswave.com

ennfrancosays.com

yougoutu.com

sweetiemebe.com

theelegantflame.com

pro100services.com

dhakhtar.net

xn--hss-s83bwm.com

tyronaide.website

scan-tip.com

gomminnekym.quest

portailservices.com

sbdllp.com

izmirfiloyonetimi.com

httpwwwegycancer.net

gameracy.com

quickgetdevice.online

equipmentstrader.com

mustofamariana.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d13e9ca493fc2125b27d9850ebc7e595648ef887f58926744892431a17c75da8

Files

d13e9ca493fc2125b27d9850ebc7e595648ef887f58926744892431a17c75da8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB