xloader | 9c4bd3f1bcf83d2bde97d471d1ca5fc28e117e060e726d12676e8d04254b9264

General

Target

9c4bd3f1bcf83d2bde97d471d1ca5fc28e117e060e726d12676e8d04254b9264
Size

16.4MB
MD5

08857e84d4e00cc95824c9292b23c84a
SHA1

702235f5a748eed9004fbbda1656d20c5e9975a9
SHA256

9c4bd3f1bcf83d2bde97d471d1ca5fc28e117e060e726d12676e8d04254b9264
SHA512

2688c12edd45ee78925e323e675fba5bbf1b2eeddbe1378136bb98c12c4010050d3e5ba5cb3097d5692a662456db6b78a433d180eb35620d0919fb055a917f1b
SSDEEP

3072:oCJQWTjCkjJQQQDjMBnbGW6dV8F2f4rQUs/HUMHTRjc:oVWpMXMBbG5dV8F2f4u/0MH

Score

10^/10

rat entq xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

entq

Decoy

portalqtz.com

perigros.com

afrodit2.com

huize228.com

xingye8652.com

puraskin.info

lqmrfw.com

eventmlsdfghfvb.com

smarttechelectronicsus.com

mcsp3.xyz

institutfrancais-ifac.com

vseremont.space

climate-festival.com

clangadget.com

assuredportsq.xyz

kaishiyouxi.com

infovisitghana.com

cambabez.xyz

mayaevelline.com

udimansataras.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c4bd3f1bcf83d2bde97d471d1ca5fc28e117e060e726d12676e8d04254b9264

Files

9c4bd3f1bcf83d2bde97d471d1ca5fc28e117e060e726d12676e8d04254b9264
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

We care about your privacy.

.text
Size: 159KB - Virtual size: 158KB