xloader | 173e04cfb1ec6d44ef427526cf90fbde914a8f8b37104b8105153ea7a2c30f2c

General

Target

173e04cfb1ec6d44ef427526cf90fbde914a8f8b37104b8105153ea7a2c30f2c
Size

164KB
MD5

dacf15a5c17c2cc4f1fdf0668bb34c8d
SHA1

73db480b112f39626f070679d73955e8f23f4764
SHA256

173e04cfb1ec6d44ef427526cf90fbde914a8f8b37104b8105153ea7a2c30f2c
SHA512

bd7b8b5097f3156e933091dab9842fe6e66e21f06c8c5fa8b4b8f31d3e674af8833c1c01867eb6635fec460ccebafaa10f61e59b8ae77979ed7a6b7cb9b7f752
SSDEEP

3072:iXJAQjz+o2u93TsKMUq9TiDgUDy8oiArj3GHGI+5qM59Fy:iKZyTLMU0cgUDy8oiAbV5fzU

Score

10^/10

rat rnfd xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rnfd

Decoy

digitalkidsmarketing.com

dataroom.services

digitalartssummit.com

jenniferdickquistlaw.com

ultimateoutdoors.store

academysaz.online

zachtippit.com

radiaflat.com

capnhattintuc24.xyz

sachitool.com

cures8t.com

rajkuver.com

ladderflow.com

shirtslook.com

covidreliefbill.com

donottag.store

boosterpublication.com

raapmanagement.com

monkinsider.com

cleaningservicesearchcan.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
173e04cfb1ec6d44ef427526cf90fbde914a8f8b37104b8105153ea7a2c30f2c

Files

173e04cfb1ec6d44ef427526cf90fbde914a8f8b37104b8105153ea7a2c30f2c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB