xloader | b65401a15d54c69391cc4cab8531a0fe85235c64c7d6a890a90ac5c5dceb8d4f

General

Target

b65401a15d54c69391cc4cab8531a0fe85235c64c7d6a890a90ac5c5dceb8d4f
Size

172KB
MD5

66abdbd703cbf2154cfebcfa8fd6a3a1
SHA1

b80797e185c010c586cc8bfe23ba94069a1ea15f
SHA256

b65401a15d54c69391cc4cab8531a0fe85235c64c7d6a890a90ac5c5dceb8d4f
SHA512

4a4476d8d2e929a951613515d744ee50cf9b6817fc1867cc49ae569abb868e1541130a4aec7a94d1a32af877f1272688cffed188a2f7e50899cbca24603d84ec
SSDEEP

3072:d1QTJ3o+uGIfEg0nNIypWwMhZZ9PUbXeSKVvp0c7kd5Upe/HneI5t87nePG:d1y4+HKonNIyNIZj05KVvpb7kd5UpnXe

Score

10^/10

rat pu6s xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

pu6s

Decoy

premiumsalesforcesupport.com

californiasurvivors.com

stirka-rf.store

ayso161.site

delinfest.com

slavingreen.xyz

zpaov8.online

mobilroj.com

thegemyard.com

helpwayonline.com

mondawminfinance.com

gamesh.info

gwsye.com

airslot138.info

benfuddled.com

pearl-outfit.com

btcfarsi.com

kelleryouth.com

catalog.zone

munichu.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b65401a15d54c69391cc4cab8531a0fe85235c64c7d6a890a90ac5c5dceb8d4f

Files

b65401a15d54c69391cc4cab8531a0fe85235c64c7d6a890a90ac5c5dceb8d4f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 166KB - Virtual size: 166KB

.text
Size: 166KB - Virtual size: 166KB