xloader | 2359f46049b9063b23275c59ec86f36b1180b20fba16fd967f1be7d2936e3273

General

Target

2359f46049b9063b23275c59ec86f36b1180b20fba16fd967f1be7d2936e3273
Size

172KB
MD5

1564403f2fce73716898b56b5a8f3a56
SHA1

9eb6b366f840f5cf48600ef9db802ff4a41bae61
SHA256

2359f46049b9063b23275c59ec86f36b1180b20fba16fd967f1be7d2936e3273
SHA512

86dd6f8b2b8e0342bc629ee4346490a7d16e299cb01fc6d29f3097ca6c968d103bf7da633533ad74ba50191cfe8b9cdaf4e898a017b513ca196627a587d90b28
SSDEEP

3072:nJTzJw423gzFwcEBmWpX1QLUh6Kx9GN0IZLBIlupTNHPMSN/h:nzx2w3EBZ1QaFx9jIZLBfhHPMS

Score

10^/10

rat gmn4 xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

gmn4

Decoy

unboundedhealthandwellness.com

tructhangsaigon.com

orchardowl.com

polypaveconstruction.com

cibepe.com

zgjx8.com

bechincha.com

orangecountyeventcatering.com

serviceavrsxw.com

cats.radio

hands4ever.com

transformationbodyjewelry.com

cleanfornature.com

venom.media

trxfree.com

blogstart.site

zahnarzt-thomas-steinbrueck.com

rockshop68.com

hehua5.com

yineccn.store

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2359f46049b9063b23275c59ec86f36b1180b20fba16fd967f1be7d2936e3273

Files

2359f46049b9063b23275c59ec86f36b1180b20fba16fd967f1be7d2936e3273
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB