xloader | 6075a8dd4b681a24bfbf85566e9f7cca472d12548187fb46576b46521b7f4fe1

General

Target

6075a8dd4b681a24bfbf85566e9f7cca472d12548187fb46576b46521b7f4fe1
Size

164KB
MD5

8cbd6813ca0f23596f3f721d2a8707c8
SHA1

d4268ef9a933ffc95daa86efc49b4f2e70111da6
SHA256

6075a8dd4b681a24bfbf85566e9f7cca472d12548187fb46576b46521b7f4fe1
SHA512

cfa325d2ae35ba6c2523c3120023519ff79b253c17e69d5445e74860030c92c418d54a5f0dbc73d57c111b9bcc0122d1b9c82d6d67e0be10059dab1d5a39d47d
SSDEEP

3072:MjpMo2t2QQaUxIMNh35sANGUHKEx6EA9ie6BxFpaT:M2BC+MN9+ANGUqP9c5o

Score

10^/10

rat u6vb xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u6vb

Decoy

blendedmatter.com

piquinmarketing.com

dubkirelax.online

optimumotoaksesuar.com

bendisle.com

islamicgeometricpatterns.net

cheesebox.online

lh-coaching.com

buildingmaterial.info

backwoods72.com

goodtreetee.com

zknqqpvsypx.mobi

phukienstreaming.com

turkistick.com

cbd-shop-portugal.com

imherllc.com

krallechols.quest

ttmmb.com

pornmodelsworld.com

weakyummy.space

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6075a8dd4b681a24bfbf85566e9f7cca472d12548187fb46576b46521b7f4fe1

Files

6075a8dd4b681a24bfbf85566e9f7cca472d12548187fb46576b46521b7f4fe1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB