xloader | 6229676731bcdac1cb4627d8d9ee77ae1d76c1bb335f89899edffb8d2192b537

General

Target

6229676731bcdac1cb4627d8d9ee77ae1d76c1bb335f89899edffb8d2192b537
Size

164KB
MD5

c637c9679b089134123c4fc6d5121232
SHA1

72186a733a21e266f9062587e092ecd74c98e4bc
SHA256

6229676731bcdac1cb4627d8d9ee77ae1d76c1bb335f89899edffb8d2192b537
SHA512

2b50e48f07c270557ed8e6c9b50792c9099397005a5e50bd6bba6f0512298190882ccd70c9623eb59255ef9b242048354a27d512f1aa1a26912df530903e63a7
SSDEEP

3072:Jlpu628AAddzqpLwn7VY29IdnvTQFniN698GZqYu+:JGPmepL4Zj9IdnvT7c98GAYu+

Score

10^/10

rat nqni xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nqni

Decoy

lekitaly.com

heroteas.com

funtique.art

cedarmoonshop.com

greenozon.com

jonescompanysolutions.com

pdxls.com

icreateandcut.com

healthylifeagainnow.com

zhongxinzxpz.top

hotelsaskatchewan.info

louisebeckinsale.net

hivizpeople.com

sanjoseejidillo.com

turnspout.net

suddennnnnnnnnnnn02.xyz

annianzu.icu

webdesigncharlestonsc.com

headrank.agency

bradyiconmusiccenter.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6229676731bcdac1cb4627d8d9ee77ae1d76c1bb335f89899edffb8d2192b537

Files

6229676731bcdac1cb4627d8d9ee77ae1d76c1bb335f89899edffb8d2192b537
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB