xloader | 7b736f0bd811f5fef7955f90f90b4f6d16e557f1f9eb9c7edd838d1d6cb6c295

General

Target

7b736f0bd811f5fef7955f90f90b4f6d16e557f1f9eb9c7edd838d1d6cb6c295
Size

168KB
MD5

dcab5f61361dc82036f2802ef20eac94
SHA1

e8e2bd792b359d94b0c80a4aae439f84bd92373d
SHA256

7b736f0bd811f5fef7955f90f90b4f6d16e557f1f9eb9c7edd838d1d6cb6c295
SHA512

4538dd323b9d830ebb059a4f2e8ea849cdea3ed5f8caaa6695d715d5b9770c2caa3d70285378aebe8b880507f01bcfbbfef89e13cf5fb7207d577d856a9937cd
SSDEEP

3072:PJoN62wGXSwwdBMJJRu8kysNJR1yCSbKtlOnsPTSR:ef2XMJjfkysNJR1y/7ns

Score

10^/10

rat arri xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

arri

Decoy

caixinhadesom.com

thoughtroad.com

netexpertos.com

bmsiaccesshk.com

workingwithcomplexity.com

nixbik.com

hebedsa.com

retirednightowl.com

221791.com

zestboardgames.com

dangdike.net

jitclw.com

vplike.com

huifengnf.com

worcesterhistory.store

koli-skrap.com

lheteclase.quest

emilio-m.com

719941.com

anapriscilamarketing.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b736f0bd811f5fef7955f90f90b4f6d16e557f1f9eb9c7edd838d1d6cb6c295

Files

7b736f0bd811f5fef7955f90f90b4f6d16e557f1f9eb9c7edd838d1d6cb6c295
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B