xloader | b9c4bcfffcbd5d4796f1565e8f2c8bb667720d0dc27788bfba632d3b564808e3

General

Target

b9c4bcfffcbd5d4796f1565e8f2c8bb667720d0dc27788bfba632d3b564808e3
Size

164KB
MD5

21173d8394661823abf705061f2c1ec0
SHA1

3f98543167027b8b885785f9ec796c9552c1a954
SHA256

b9c4bcfffcbd5d4796f1565e8f2c8bb667720d0dc27788bfba632d3b564808e3
SHA512

93d18cb09e2255dd05c5219d9a04f8295449e29673263ab654733b28ce570e35b9ab4e03e80ab05d6a3cdff22adcfc92743965fb8f46b21f3ce19fbaed00ee5d
SSDEEP

3072:nepBM2zQwbKAupGCeOtaNkmmllhd6ToOAkCsR2D34f6EHNB:nwQzfpGrqaNkmmlZ6ToOAfsRYSN

Score

10^/10

rat dibu xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dibu

Decoy

goodbridging.net

niraprotect.net

dhroad.com

gluenstack.com

atozroofingrepairs.com

slagsnmnd.quest

free020.com

125e13th1108.info

regittracker.com

inbo-usa.com

zepsucsenior.quest

dsyai.club

efelerarea.com

villa-joki.com

metalmask.icu

autorainfiltre.com

yasbeyondcollagen.com

sheetpilinquk.com

kitvirtualger.com

jeremy123.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9c4bcfffcbd5d4796f1565e8f2c8bb667720d0dc27788bfba632d3b564808e3

Files

b9c4bcfffcbd5d4796f1565e8f2c8bb667720d0dc27788bfba632d3b564808e3
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB