xloader | c3c180c461a399a1b2c9587574596dc45e4064dfdf63f39aa8a3b7088240cdc5

General

Target

c3c180c461a399a1b2c9587574596dc45e4064dfdf63f39aa8a3b7088240cdc5
Size

118KB
MD5

2c91f5fb613f6875e9065444f7a70e07
SHA1

f9b7091c1b3da5425c52e45c852e8bc7e338cdd0
SHA256

c3c180c461a399a1b2c9587574596dc45e4064dfdf63f39aa8a3b7088240cdc5
SHA512

241800ee0bbdad7447b7b1bab523034ece85ea4d09550416fd48ff65155b9f4f812ca3d634bb72ceb493489d683fcc194783808d72c1cd39042c44fbe1d9f8ed
SSDEEP

3072:cWHx9YEJ6tfezy7iM2elbumkiQWIvOAulLU8/6EMG6:hMEJ4eu7T2YkRWBAsU8y3

Score

10^/10

rat u8cq xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u8cq

Decoy

ardentb.com

kaeltefath.com

galataegitimkurumlari.net

rap8b55d.com

zn9998.com

alvinceremiaam.xyz

whitecorp.net

plandout.com

craftscora.com

katx.info

ruleship.com

qinuxdrone4k.com

vtprealtor.com

serviciomovistar.online

amazon939.com

gm8898.com

housesyrron.com

impqtantaou.com

linksmarttech.net

tubbipets.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/b.bin	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b.bin

Files

c3c180c461a399a1b2c9587574596dc45e4064dfdf63f39aa8a3b7088240cdc5
.zip

Password: infected
b.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB