xloader | 85ab1cf884738c9acb9958f50fc180062a2efc6c9ae11622c0589f220376ef99

General

Target

85ab1cf884738c9acb9958f50fc180062a2efc6c9ae11622c0589f220376ef99
Size

164KB
MD5

1859ae18d76cb77cf4ddadfc34243253
SHA1

b8b82bcca654820c301b4ba44639409bcce62d72
SHA256

85ab1cf884738c9acb9958f50fc180062a2efc6c9ae11622c0589f220376ef99
SHA512

70c08cba87f8ccaca92658a59d7e078812d952697e446baf7524905e47cb50b3d84fb62bd6670bc4f5bebffb6a1492386019ed0d53273cc642fc6c45ac4febe4
SSDEEP

3072:eAxpd12O6ZklHlMa5IXS8dwcG6TQW7axxcddVZSZDEMW:eApYOFMa6i8dwz6T/7uxC/cZDM

Score

10^/10

rat dgrg xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dgrg

Decoy

iot-vn.com

gamiteisnowjoyned.com

ak8flfqzm8.com

daliborkokic.com

mrk-9.com

tanzibkarate.quest

mburmtdvccti.mobi

thomas-wildlife-control.com

thebritenseries.com

hkkbags.com

redenyl.com

resilientbutterfly.com

nicethelab.com

xn--1lq90isray30ltdc.xn--czru2d

cyberews.net

naclepin2a.xyz

rodrigocoppa.com

hightings.com

chamaaibrasil.com

bdelsaer.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85ab1cf884738c9acb9958f50fc180062a2efc6c9ae11622c0589f220376ef99

Files

85ab1cf884738c9acb9958f50fc180062a2efc6c9ae11622c0589f220376ef99
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB