xloader | a022d86b82644a0f8017d9be9f0089b2e0f0872f3025949bf63d4acc7ec8616c

General

Target

a022d86b82644a0f8017d9be9f0089b2e0f0872f3025949bf63d4acc7ec8616c
Size

172KB
MD5

62dcf476ca6837ee722ed8b5b711174a
SHA1

e71abfb0636c2a4f7f76cf8a4b461d014d911dc7
SHA256

a022d86b82644a0f8017d9be9f0089b2e0f0872f3025949bf63d4acc7ec8616c
SHA512

60813a4104868b3f0df035ea475708395e4410ce67422c1fa3abc52d7a955eee1e143c21c49cc93cb6d8aea55bbe6a3f8e2e0586a38a9d14248585475914648a
SSDEEP

3072:5ZdT1o7BFpFF0xHBmW9W1o1U5F0cqEZ0OLJZlsfZCG13Lljvwd9rTeRo:5Zs77exHBg1okeJEZ0OLNsNvR

Score

10^/10

rat mwfc xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

mwfc

Decoy

nonzamoto.com

bullshitcasting.com

glacieverifme.site

kingdomvisionarychallenge.com

selalujos.com

lanling88.com

chronotalent.com

thebossmaker.com

lyjzfwy.com

oneulbada.net

vintogel88.com

grimoirestudio.store

williamlathamllc.com

enciphor.com

weukrainians.com

onandoffsite.com

goldstorage.cloud

incredibuildx.com

verantheacodex.com

blavktux.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a022d86b82644a0f8017d9be9f0089b2e0f0872f3025949bf63d4acc7ec8616c

Files

a022d86b82644a0f8017d9be9f0089b2e0f0872f3025949bf63d4acc7ec8616c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB