xloader | 430dcac8cfab02365148cedfbd3ad386e74aa28a1d9443c8278649d6b60b35b6

General

Target

430dcac8cfab02365148cedfbd3ad386e74aa28a1d9443c8278649d6b60b35b6
Size

168KB
MD5

75ad0521270477d956bb5de29be1b994
SHA1

32363e029c333109377c29fd80388eb378bf8e95
SHA256

430dcac8cfab02365148cedfbd3ad386e74aa28a1d9443c8278649d6b60b35b6
SHA512

0e0befb14d0e785245cbdf2e36be3cd39dbe10dd05a19369f3ca341ddc358ab5d664f01983813a28d06acce17e4e9538347c1de20a39324edb9d6d1c2ac2437c
SSDEEP

3072:2YJ3AO20VYL9UA/MEHJ2nX/8E9ctE59LbFMdZAubNXi4ymqBak:24AaY6OMEpsv8E9ctEfL5KZxbNX5y

Score

10^/10

rat it3s xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

it3s

Decoy

mangapornft.com

ashiroo.com

facilcomex.com

theinfinitedevelopment.com

xilangzn.com

yourshappyshopping.com

gaspeedaze.com

suwei8.com

bunneybunney.com

iamtheirwellness.com

dip-directory.xyz

jervinse.com

atmrafiq.com

vyxel.club

bitchesheartpickles.com

founderavenue.com

jhalariyamath.com

4002poinsettia.com

023zyg.com

drimev.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
430dcac8cfab02365148cedfbd3ad386e74aa28a1d9443c8278649d6b60b35b6

Files

430dcac8cfab02365148cedfbd3ad386e74aa28a1d9443c8278649d6b60b35b6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B