xloader | 6573cff75864e1d11db2beeb550f9a700f62013cce875d203548d94416061bd0

General

Target

6573cff75864e1d11db2beeb550f9a700f62013cce875d203548d94416061bd0
Size

164KB
MD5

b09067ba80d46b0293eeb39169de69c8
SHA1

7e80535553cd811ea265ac9fa7f5005433b709d1
SHA256

6573cff75864e1d11db2beeb550f9a700f62013cce875d203548d94416061bd0
SHA512

fb4f5d424de3cad7c85747d967d195c767e29e8e2ba74d732b14cfc5a59236e117b592c44def5c1d92a44c7b2bfcb2490bab077e6a45b86faaaa134707f9fffd
SSDEEP

3072:5IBpEd29AV07wJNMVI6m3IwMfTQubC8fPMphzmrvew:5IwTVzMVFQ/MfTQ8vfPMpUL

Score

10^/10

rat bsqc xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bsqc

Decoy

camoladeva.com

usavelo.com

theinfiniteloop.art

divine-beauty-by-jsh.xyz

fmovies.faith

fieijfjie.xyz

tellybeast.com

aktau.group

eternocell.com

kopidenver.com

tryput.com

blognumber.one

sgpvbzw.com

web-calendar.store

cb003.xyz

deserznad.quest

costalitaestepona2d.com

cleanityzer.com

wokeometer.com

rescind.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6573cff75864e1d11db2beeb550f9a700f62013cce875d203548d94416061bd0

Files

6573cff75864e1d11db2beeb550f9a700f62013cce875d203548d94416061bd0
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB