xloader | 0f919d5b569e123a8350089351e8c1a65a11a05c48446c346f21540b9ed79a3b

General

Target

0f919d5b569e123a8350089351e8c1a65a11a05c48446c346f21540b9ed79a3b
Size

164KB
MD5

ba6ae3760525a619b08d01017feb00f9
SHA1

1ab8c3672ab8a5fd449b74b9bd9b617d72cb16d0
SHA256

0f919d5b569e123a8350089351e8c1a65a11a05c48446c346f21540b9ed79a3b
SHA512

a750897031f7095f313fb861d86335f2f5de5959c860bd510e04207e101c8c5f3a3c56d507801697e16c7a492cc5bffb464d68ec9f670d161daab7d51adc9a94
SSDEEP

3072:+1JN+etj78iutlfvKMldZQdci9vSn/z+yujKg9P2RXn0M:+1AnyMlbQL9KnbrWKKP2Fn0

Score

10^/10

rat wdc8 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wdc8

Decoy

mygotomaid.com

joyoushealthandwellnessspa.com

wefundprojects.com

magicbasketbourse.net

vitos3.xyz

oligopoly.city

beauty-bihada.asia

visitnewrichmond.com

crgeniusworld.biz

bantasis.com

transsexual.pro

casagraph.com

eastjamrecords.com

howtotrainyourmustache.com

heiappropriate.xyz

bataperu.com

ces341.com

prajahitha.com

manuelagattegger.com

wolfpackmotorcycletours.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f919d5b569e123a8350089351e8c1a65a11a05c48446c346f21540b9ed79a3b

Files

0f919d5b569e123a8350089351e8c1a65a11a05c48446c346f21540b9ed79a3b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB