xloader | 8d3cdf591d2717fec92c570a49ed44088603dcfc601ade1893210c04ead03e9b

General

Target

8d3cdf591d2717fec92c570a49ed44088603dcfc601ade1893210c04ead03e9b
Size

164KB
MD5

7c86ae0ea7dbe1a9b06d1fdd3ab70472
SHA1

1f2c476c998ebccbcadd9eb5a69d23de5eda19ff
SHA256

8d3cdf591d2717fec92c570a49ed44088603dcfc601ade1893210c04ead03e9b
SHA512

3d7cd6fbff763f67ff37cd3ca3500e40d60ea0d803e035b2d3a902b0cfadb0955e784aa291956dbbb859d47fa7602ee16da0ea497d2ca42c861a5c391b831550
SSDEEP

3072:yJ4bm2lC0MXHUA+MDA30+z+BFQd8FVJi1807XnP/zcY:9b5pvMD4nFd8FVi8MXnXzc

Score

10^/10

rat s9m1 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s9m1

Decoy

osangllc.com

selfdoubtsyndrome.com

cressieandbrooksllc.com

samally.xyz

xfb5.top

lidia-gorbal.online

thornebestadus.info

lavagepp.com

rajendrasodacenter.com

moyue31.com

telefoniica.com

suddennnnnnnnnnnn20.xyz

dialibaloc.net

hicincinnatieastgate.com

flndmy.cloud

cssousou.com

giveaway-dogezoo.com

obsidiancandles.com

residentialeducation.com

stealth-emissari.asia

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d3cdf591d2717fec92c570a49ed44088603dcfc601ade1893210c04ead03e9b

Files

8d3cdf591d2717fec92c570a49ed44088603dcfc601ade1893210c04ead03e9b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB