xloader | 1bdf66ed5667345edc2315122a60838baa3839f8e254ad73912bc3af9da17529

General

Target

1bdf66ed5667345edc2315122a60838baa3839f8e254ad73912bc3af9da17529
Size

164KB
MD5

7a25e16b7c2172ba51905eb2774be99c
SHA1

bfcdd76c1feef665d22324af6c6fd0f00f4cda82
SHA256

1bdf66ed5667345edc2315122a60838baa3839f8e254ad73912bc3af9da17529
SHA512

8c8cc0b17aa63c9f2cbbd1deb47995f84002e819968f139c1dcde31708ebade2dac29dbd90c92f82dd64e833b04b908a87e30a2e403181910d732b9e9e2ed299
SSDEEP

3072:VFpEY2OeWfr0EM95qqoftLkuDoEiRQOKPnZC5zm9IbG7nOs:V8BUFM9ArftLkuDoj6OKPZC1mP

Score

10^/10

rat mwfc xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwfc

Decoy

a-great-intl-voip-phones.zone

police-trust-security.com

415391.com

coi-sl.com

liming-steel.com

criticalracetheoryexplained.com

pintoent.com

columbusrx.com

clarktribe.net

texasforblanchard.com

musical.voyage

priyamblogs.com

employbridge.works

americanchessmaster.com

australiaaddictioncenters.com

drkell-yann.xyz

barryisdaner.com

frankkystein.art

aromatoto7.com

alsuwal.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bdf66ed5667345edc2315122a60838baa3839f8e254ad73912bc3af9da17529

Files

1bdf66ed5667345edc2315122a60838baa3839f8e254ad73912bc3af9da17529
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB