xloader | 9db511ed01ff0710c564014ad38935c552a600fdd853b937b37d472ab41d6c14

General

Target

9db511ed01ff0710c564014ad38935c552a600fdd853b937b37d472ab41d6c14
Size

164KB
MD5

1aa092eed8485da9af033669d4088727
SHA1

840aaf5002df5ff971e591423c9927a31cc86b3d
SHA256

9db511ed01ff0710c564014ad38935c552a600fdd853b937b37d472ab41d6c14
SHA512

98caa959407877c17c41b68bc056037408ddfd66cc4fea6450be4a2bc47b1a7bc29697c8a997109c5168dbaa1fee1c7dc8ae1f2eb16b02a915d7e1165f6d7a42
SSDEEP

3072:asJFw2vjbEg1MM1tCjrwdZCYLi1YCoJlfL+IiTN3CAYXiY:ayb9uM1MfwdZCU+clfu5uy

Score

10^/10

rat inga xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

inga

Decoy

21sq.xyz

aleimanpaper.com

soulworkerrush.com

lianxiwan.xyz

gorastionse.store

nuhuo333.xyz

greenft.xyz

upisout.com

mgav23.xyz

2day-recv.info

emdestak.com

generatorgmer.xyz

inmyhindi.com

meenubhosale.com

feinquebrantabledoc.com

valgtrizoma.quest

impqtantaou.com

nomorewarnow.com

gmcrjizppcx.mobi

eludice.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9db511ed01ff0710c564014ad38935c552a600fdd853b937b37d472ab41d6c14

Files

9db511ed01ff0710c564014ad38935c552a600fdd853b937b37d472ab41d6c14
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB