xloader | 0883639036e3cc1832d17c75746788d43fc16915fd6bb34a15aa49763f08c86f

General

Target

0883639036e3cc1832d17c75746788d43fc16915fd6bb34a15aa49763f08c86f
Size

164KB
MD5

e096cb02ecd99dff2e4d261e0ace074b
SHA1

f37d8922fb4e6c0f3defa6fd5ba5ea7d1420610f
SHA256

0883639036e3cc1832d17c75746788d43fc16915fd6bb34a15aa49763f08c86f
SHA512

6e06b706644e5eb391656f89e69441be49d333dad8443a1d33e60e4d54c7adcfc898be2761aa347ab7afe324896bc6f61ec070324d6e259bbc8d1f8e431e370c
SSDEEP

3072:WJBu2Q49XL22MAOQklUT96fzeGYUyjOv2l9DN394L2sVX0x:o79ZMAhI296fqcyll9M2EE

Score

10^/10

rat p83q xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p83q

Decoy

encryptionlog.com

sarasotaexterminator.com

bahialda.com

smartpom.store

lostsupper.club

hifidelia.com

aucreuxducoeur.one

kidsonstudio.com

ylizhi.com

squadfront.com

cdgdentist.com

politelyoffensive.com

iumenn.com

koshercoin.pro

optimicynic.com

extutors.com

josephsconstruction.com

pithgo.com

desclaw.net

kemalilik.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0883639036e3cc1832d17c75746788d43fc16915fd6bb34a15aa49763f08c86f

Files

0883639036e3cc1832d17c75746788d43fc16915fd6bb34a15aa49763f08c86f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB