xloader | 9921e85574424084d8b4245406d4f96cb96a511ea5d1d0340278a9e9f4cf7449

General

Target

9921e85574424084d8b4245406d4f96cb96a511ea5d1d0340278a9e9f4cf7449
Size

18.3MB
MD5

1aae5147de311507ba2bbc6b8f40b19e
SHA1

6002f51f6a2642373b262e4ff38b1a68825aeedf
SHA256

9921e85574424084d8b4245406d4f96cb96a511ea5d1d0340278a9e9f4cf7449
SHA512

ee4dd08350290dd9ed4b8db307dd549d46b1037db5f811c843765b6380e31fcf1dd49fe36d6e440d10239c83a6ea5edfe2717fb2dba99a03e7eb9440c0f5c996
SSDEEP

3072:sJJSujbi0whcmBkMwnDQ93tLMoVZH+Yryyo1xKEthJqJM:s2Z5aMwD83tLMGZeYryFxJtV

Score

10^/10

rat wesd xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wesd

Decoy

makiwokuberu.com

sakugacollectibles.com

8ynzp.com

merklecrypto.com

monpetitromeo.com

oakcliffbuildingmaterials.com

pompanopaintnsip.com

ellieington.com

viewseviercountyhomes.com

qdhdyx.com

olymporian.com

nhentayi.net

alexkfisher.store

smartam6.xyz

tradepuma.com

alina-and-romain.com

bjvqe.com

annumknytte.quest

attonburn.com

acerosamerican.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9921e85574424084d8b4245406d4f96cb96a511ea5d1d0340278a9e9f4cf7449

Files

9921e85574424084d8b4245406d4f96cb96a511ea5d1d0340278a9e9f4cf7449
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB