xloader | 5936f0265de41fd3ee6578954b3c653657c27162adc680b6e1f4193c95c89e69

General

Target

5936f0265de41fd3ee6578954b3c653657c27162adc680b6e1f4193c95c89e69
Size

164KB
MD5

7a5cd43a6abefdcb300e9bac62f9f6cd
SHA1

567997ce898c9964f38a0efe5928a663998692c8
SHA256

5936f0265de41fd3ee6578954b3c653657c27162adc680b6e1f4193c95c89e69
SHA512

355a2acc1cb9701dde2dd351051d7798eae974326fd63d25ba71a1aa75f4084c34024cbf565a0b80d337fefec4f0c857532e9a20b61006d89993d322ebf69520
SSDEEP

3072:e8JNztjPvrk9spMGMYh5kgmuY/cK7WrgLn8lw3AYrQSL:eK26rMYTiu8cK7WUrjAYf

Score

10^/10

rat mts0 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mts0

Decoy

ninalinkel.com

13gatsu-girls.com

amr-khalid.tech

24630kingscrest.com

datangws.com

segurosramosroman.com

snatchmy.asia

macdonalds.network

hotel-alize-opera.com

mikejeske.com

amrgoogle.com

sharpecommunications.com

gujaratigyaan.com

soyredy.com

gardenchipvip.com

reparamospc.com

feritotribunal.com

palaserver.com

sandiegobarracudas.com

myso8.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5936f0265de41fd3ee6578954b3c653657c27162adc680b6e1f4193c95c89e69

Files

5936f0265de41fd3ee6578954b3c653657c27162adc680b6e1f4193c95c89e69
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB