xloader | 0dde456e7a0708c5c27cb1343b29e2b268d9245af955205bbfa00cd470a88d98

General

Target

0dde456e7a0708c5c27cb1343b29e2b268d9245af955205bbfa00cd470a88d98
Size

164KB
MD5

233fd8ca58947a055dd4ad94da32dc40
SHA1

5101ff82ff0acfa085d3509420d7dd56ed2453b6
SHA256

0dde456e7a0708c5c27cb1343b29e2b268d9245af955205bbfa00cd470a88d98
SHA512

61d06a676a73c6ea34f8e9bd15431a0cabdf78c5d6f4aa6039afbab8d4e042802b7e76ec8ee420e176778a9515b7c527b34cdd423750ef1b7a72687bee031f2c
SSDEEP

3072:w8pnZW2IGG3AUwuMnT/eG7yNRvpDVLoRaomAOWaB:wUgdPMn7pmNRvZmfKWaB

Score

10^/10

rat cm5a xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cm5a

Decoy

1sab.claims

autowallet168.com

1500games.com

zasniekrabic.quest

zhjhwjg.com

liberty-roleplay.com

gnaciogerson.com

makiniherbal.com

fondationautes.com

perfectsat.online

nirvanaparrots.com

xbtiyu.com

jamesjalberino.com

valenciamobilenotary.com

safeissueb.com

samarpankota.com

rhubarbporuuz.xyz

oslokolen.com

canceleriatorrez.com

topsecretagencia.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dde456e7a0708c5c27cb1343b29e2b268d9245af955205bbfa00cd470a88d98

Files

0dde456e7a0708c5c27cb1343b29e2b268d9245af955205bbfa00cd470a88d98
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB