xloader | dda9e01644d94f453aafb6a191e4517233c8b314249b39f8a85e95f9cef51eb8

General

Target

dda9e01644d94f453aafb6a191e4517233c8b314249b39f8a85e95f9cef51eb8
Size

164KB
MD5

28f04399e448db94564a5dbce85a2538
SHA1

6c65bc75342d41f0f647658695d74d972a7a59fc
SHA256

dda9e01644d94f453aafb6a191e4517233c8b314249b39f8a85e95f9cef51eb8
SHA512

ff60c75515714eff3239b89ad0fb521c9f01226378eed81779c01165fd235f890ed34a66399590e00028ce776c1011e430753e14b2d6e64d6bef14abe9829ce1
SSDEEP

3072:LJ94fjIPq82OU68FNpq58S2QNRixNVT4iw8oqe+cA+EDXv9ho:74UFunpqe1QNRix/T4Z87vX1ho

Score

10^/10

rat s4mt xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s4mt

Decoy

deviousrofwft.xyz

iphone13.photos

cameraderie.info

flogotwheelz.com

lunasconstructionllc.com

unameofficial.com

digitalboat.cloud

hifi-cans.com

breskizci.com

kyleandconner.com

punnyaseva.com

elitephotoedit.com

pizzatallrikar.one

espacio40.com

bvgsf.xyz

splootingcorgi.com

metaverse360.biz

xnegbuy.com

buysubarus.com

optophonia.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dda9e01644d94f453aafb6a191e4517233c8b314249b39f8a85e95f9cef51eb8

Files

dda9e01644d94f453aafb6a191e4517233c8b314249b39f8a85e95f9cef51eb8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB