xloader | 3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f

General

Target

3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f
Size

168KB
MD5

7f753d39fa1d4bbb709b2f01475760a1
SHA1

33c277c9d3806f5989968d3862ec5556d5fe0360
SHA256

3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f
SHA512

0b481a12ba23288781d5524782992f269fa683f07b6feda12b506f948d9bdeb8bdb3432ab423e2d111240d7f5cc3da2d7a833aa82da81455be266bfe4897a56e
SSDEEP

3072:KhJVcjA/9m3CdyY7MHxBA1e3bMcCQ7PKQkvQgMvvPlaQNL/5AR:KBSWyWMHXAwrMcCs2UMQNLq

Score

10^/10

rat ahge xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahge

Decoy

zlh.biz

suddennnnnnnnnnnn11.xyz

okanliving.com

shopeuphoricapparel.com

hcifo.com

haciendalosangeleslaguna.com

shineshaft.online

monclerjacketsusa.biz

uwuplay.com

psychicdeb.com

adonlet.com

theprogressivehomesteaders.com

ammaninstitute.com

sqpod.com

tropicbaywatergardens.net

yna901.net

3christinez.online

tastemon.com

karansabberwal.com

delegif.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f

Files

3fb7e450fb27d6139419ad4783679247066f28f8940e62e0d10b4b1045cace9f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B