xloader | 1b73e671d675e8cffff36bc55200fa7fd09ff43b1a67776176935c0f4654accb

General

Target

1b73e671d675e8cffff36bc55200fa7fd09ff43b1a67776176935c0f4654accb
Size

164KB
MD5

02f25f1b439789dd3a8b6a99d4e39393
SHA1

98765719bc0a0d287677b8945642bbd23b7a2ed8
SHA256

1b73e671d675e8cffff36bc55200fa7fd09ff43b1a67776176935c0f4654accb
SHA512

154d2814af29d59f594caf931cf59ce92b0196247cd82a928e6dbb0d7f93086517f5ccba604f9ad4df2467c040549cf79e03bf0239909ec64514d75dd806cf51
SSDEEP

3072:qDLpth2ZTNO933m5pvDeS+W9sMNUXJVF0WtdKN9F8DPBNKzHbH3t:M/Ma3+pvaSpCMNUXJv0km9pjbXt

Score

10^/10

rat seic xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

seic

Decoy

7890166.com

tuwei.xn--6qq986b3xl

wulkan-slots.online

baileysepictravel.com

cheyiz.store

xo168.net

thecreditbuilder.company

prawoturystyki.com

studenttech.xyz

websitefast.online

qyhuli.com

tanujpackersmovers.com

arkhamchess.com

maxicashpromir.xyz

fuzvjy.com

xocontinued.com

exploitslozdz.xyz

outerverse.space

needsumo.com

kreativevisibility.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b73e671d675e8cffff36bc55200fa7fd09ff43b1a67776176935c0f4654accb

Files

1b73e671d675e8cffff36bc55200fa7fd09ff43b1a67776176935c0f4654accb
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB