xloader | bac206723e9acce89a1343a09d8c4e49afbc6bece11159dd7d7b000f464755d4

General

Target

bac206723e9acce89a1343a09d8c4e49afbc6bece11159dd7d7b000f464755d4
Size

164KB
MD5

ee37856afe829f3e6c2ed6fd20659d6f
SHA1

afbe4d00a6b9687464c6eaa5c89d0ccb7df34bdd
SHA256

bac206723e9acce89a1343a09d8c4e49afbc6bece11159dd7d7b000f464755d4
SHA512

e24ba4c4f9baf6a6485e76dedc7b144fcdeb723d579ba0941f2a3e64af59798d27205630afe25ce533aa1c6ddda253eba6e23ddb6ecb0547d158097989b4e3e7
SSDEEP

3072:BJ/Ij29VywXOBMxPY7e60odwhxTxDk6ZECkhRs9en:jIMNeMxAy6BdwhxTxoqcRDn

Score

10^/10

rat r0ku xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r0ku

Decoy

profit-fx.com

anyclosings.com

genomepowered.com

it-brainpool.com

industriaselreynino.com

theballaratshop.com

niseysway.com

carpesntertechnology.com

newbalancegirls.xyz

stylishwearz.com

duiqn.icu

amaltheaklinikken.com

romecovidsummit.net

jsyysn.com

uctwifi.net

girlshustle.com

xn--vp-xka.com

mypatinacare.com

immobilienmaklerinspanien.info

worldqkqk.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bac206723e9acce89a1343a09d8c4e49afbc6bece11159dd7d7b000f464755d4

Files

bac206723e9acce89a1343a09d8c4e49afbc6bece11159dd7d7b000f464755d4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB