xloader | 15fa4d242b26dc43189b940b3d6dbaf42435dcb2b253f04467b70670cca34a4e

General

Target

15fa4d242b26dc43189b940b3d6dbaf42435dcb2b253f04467b70670cca34a4e
Size

160KB
MD5

b1c107628d17896aca073139a0eb9118
SHA1

e2121eb409e03bb05e76c05d314f44a229e89fb3
SHA256

15fa4d242b26dc43189b940b3d6dbaf42435dcb2b253f04467b70670cca34a4e
SHA512

4d52402a2d580d7a6b28486f97fe6ece0748c29bf15ee1d53ec2373f9e2b6d2e1966dec67bbe55051b9cb06433f4812d497292b170f9005db994fc441f0ee9e8
SSDEEP

3072:Y9BzI6Gl2sgxB8odW6iI6VbQEORs+enqv24F/QU7LeEY8M:YDLZaod9hWbrORs+eU7/vPeEY

Score

10^/10

rat p3q8 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p3q8

Decoy

joyjoystore.com

dhznscklxe.com

sibal-taxi.com

idealtecoman.com

bridesword.xyz

poppyca.com

asoftplaceofrest.com

sainathadvertising.com

jankariinhindi.com

gfreshdelivery.com

kimbilgi.com

xzwykj.com

6huamo.com

amorabsoluto2020.com

buyhypoclean.com

rabatt-dealer.info

rapidtestor.com

envio2.xyz

greatroomsdesign.com

hgdental.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15fa4d242b26dc43189b940b3d6dbaf42435dcb2b253f04467b70670cca34a4e

Files

15fa4d242b26dc43189b940b3d6dbaf42435dcb2b253f04467b70670cca34a4e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.text
Size: 156KB - Virtual size: 155KB