xloader | 3ab84c61e2c0929b6da9b7e6a865165039e6c4a879b410763b169f843d32d6a5

General

Target

3ab84c61e2c0929b6da9b7e6a865165039e6c4a879b410763b169f843d32d6a5
Size

164KB
MD5

a0ce5a3693f07ffc6a0d6e0246c28c5d
SHA1

155c36fba7a8c32a48879ba44098497e23cb3eca
SHA256

3ab84c61e2c0929b6da9b7e6a865165039e6c4a879b410763b169f843d32d6a5
SHA512

da8e197a65b1d665ad609150b4d64ff1165e771e6b7b1a10b8e6ee652b6c69d0097c7a54b02f8928ae122e7bb3ce0d54e9e542c737f3c11a97e7d04bb80f975a
SSDEEP

3072:7CkJrqjS8m1equmXMJfFM3B+tKC/Zo07ebSCyYU:mgLe4MJtqB+tz/ZK4h

Score

10^/10

rat nhc5 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nhc5

Decoy

accesshaiti.online

forlifeplus.com

analytics-as-a-service.agency

joinlever.com

mshoping.xyz

jarfalla-fashionoutlet.com

goccedaynight.com

xwindsins.com

nextlegends.net

giainhatvn4052.com

egramexchange.com

cannonbrookes.club

annocadans.quest

jcyaccessories.com

xn--6fro70bsph1ndpzpzliu13b.com

loliconfts.com

shadowofawheel.com

billywilsonbooks.online

envizionclothingstore.com

graffitiremovalguide.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ab84c61e2c0929b6da9b7e6a865165039e6c4a879b410763b169f843d32d6a5

Files

3ab84c61e2c0929b6da9b7e6a865165039e6c4a879b410763b169f843d32d6a5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB