xloader | f1d02140ea91af92e10ea057088a9c183fb585c253e922dcade3bb0b70fa42d4

General

Target

f1d02140ea91af92e10ea057088a9c183fb585c253e922dcade3bb0b70fa42d4
Size

164KB
MD5

d135e3b2f763d46cf8d6780c82e5c36b
SHA1

daa55a33f26339692606537d0a8b4d544a800be9
SHA256

f1d02140ea91af92e10ea057088a9c183fb585c253e922dcade3bb0b70fa42d4
SHA512

ac602d5bff1713ae95961cc7b6a063249f90ff4e2d120f4cb5c814eecaa1ce58bf4d34af675e49fce3055999a80ec37dc737d1aa1f55654b672eb7ce098e097a
SSDEEP

3072:HwpbU2/OC70foEMb1GJxmMNghSuIy1Gr4rA:HEK3hMb4zmMNghSfV

Score

10^/10

rat soqi xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

soqi

Decoy

ultimateconsoles.com

cartwheeldesigns.com

xn--80aqgg8ag.xyz

egurusolution.com

arenaheater.com

bestpayoutonlinecasino.com

luvvlyjubblyshop.com

karfarno.com

aqxz28.com

nousky.com

gzfj888.com

draka.online

maxherollc.com

ohmy.bet

nuocsucmienghoanghuong.website

seeyoucoin.com

jurisdisco.com

kiramelita.com

conexaogrupob.xyz

yrtuliao1.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1d02140ea91af92e10ea057088a9c183fb585c253e922dcade3bb0b70fa42d4

Files

f1d02140ea91af92e10ea057088a9c183fb585c253e922dcade3bb0b70fa42d4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB