xloader | e33a53ec50a725712acb7d3659af10596de743decd7b6dfab23629cd21bb583d

General

Target

e33a53ec50a725712acb7d3659af10596de743decd7b6dfab23629cd21bb583d
Size

164KB
MD5

011c167dae7f15f209a163fce85a333c
SHA1

593747975ad15559a0eaa5d23b30ef97b513ab42
SHA256

e33a53ec50a725712acb7d3659af10596de743decd7b6dfab23629cd21bb583d
SHA512

867a4c35ba911a0518ee0aeac3fbb388ef8e03bdcf3da9368caba861ba5c14c37d4c1e251d28a0e5e6e0fa5916f21b52057d042e358d44554dc7fd879ab99363
SSDEEP

3072:DUpLQ2MfXbaNP5oMh0JDEpEt4sBDc8Guf1iOpaGi:D4uWCMhKg2t4sBDpGa1fa7

Score

10^/10

rat s68n xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s68n

Decoy

hvacprosfl.com

stercorariidae.com

acedglobal.com

modernfairs.com

portcitypistol.net

gamusemenu.com

novington.net

skiwestruidoso.com

bestinstantreliablepills.com

flightonroad.com

massivbauunternehmen.com

digitalmarmot.com

highsightent.com

gutimautpribuinropgroup.com

maoqiufushi.com

ursteppingup.com

tiwarimobiles.com

dogiadunghn.xyz

mikewuzhere.com

embracedragonfly.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e33a53ec50a725712acb7d3659af10596de743decd7b6dfab23629cd21bb583d

Files

e33a53ec50a725712acb7d3659af10596de743decd7b6dfab23629cd21bb583d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB