xloader | fe3547b2d57c9034ef00f2d0309bd997ed514a8935f9185b81b79c419c4b68c8

General

Target

fe3547b2d57c9034ef00f2d0309bd997ed514a8935f9185b81b79c419c4b68c8
Size

164KB
MD5

5a8b9d19b7268175f0cb3143a731eabb
SHA1

d09f111459b7ae661f318f98846606ed961ae51b
SHA256

fe3547b2d57c9034ef00f2d0309bd997ed514a8935f9185b81b79c419c4b68c8
SHA512

2c4f8a79b852df6516cfe0958b86f3ec656625decfc37c3b82c14b5877eb78d971cfa5bcfe3ff2d0c4f8870f9d04be6c3caba09e94a114f67d9a124fb46ea814
SSDEEP

3072:W7opi/2d6pP8s3MMEpiwCUEa9FfBlD4H5L3Q/DCgKvUh:SBPz8MEEHUx9FfjDs5L3Q/WgKU

Score

10^/10

rat d9an xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

d9an

Decoy

cndh335.com

stackgale.com

dishsolid.club

desel.info

tobogane.net

pnwcurated.com

scalaula.com

adult-affi2405.com

chinaqia.com

avatarsonnenbrille.com

midtrailcrossing.com

himadecor.com

alportakci.com

almashora-ae.com

workingfromgarden.com

yuhueiyang.com

filipvujovic.com

winter-hat.com

arufer-moves-collection.com

moderndanish.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe3547b2d57c9034ef00f2d0309bd997ed514a8935f9185b81b79c419c4b68c8

Files

fe3547b2d57c9034ef00f2d0309bd997ed514a8935f9185b81b79c419c4b68c8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB