xloader | 675102b49b1c82ff8caa9166f669340f7581ea1024af713bd96670b04bb39c31

General

Target

675102b49b1c82ff8caa9166f669340f7581ea1024af713bd96670b04bb39c31
Size

164KB
MD5

a2d546e6a9ab080ef52e1e9057e77b6f
SHA1

1a811893bb25fa30ab8c58c3dce1b4bf66679747
SHA256

675102b49b1c82ff8caa9166f669340f7581ea1024af713bd96670b04bb39c31
SHA512

d2fbd208b8e9553edff1e260871fe863d498713401dbd79bfcadc99144a1d7c1949541a129a5ed6910f843b4557ebdd66acb26baaf5c4168aa3dc9a736425223
SSDEEP

3072:GxpTc/22Gu6UKGHp8hoRcXaTSG7erHhLV1O/T82wFpkYLA:GXsIUp8m2quGSrHr1OLjw/c

Score

10^/10

rat goe8 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

goe8

Decoy

blocog20.online

vipmedia.website

relentlessmultimedia.com

bellospalace.com

cleanmango.com

solacticguardians.com

szkoleniapolskilad.online

djaydenno.com

magicsquare.xyz

hypergrowthsalesadvisory.com

bagwashs.com

mindasking.com

hackworthcenter.net

ecompropeller.com

angelescitychoppers.com

ardisdr.online

memorial68.com

str8ii.com

leecomind.com

zmacannabismarketing.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
675102b49b1c82ff8caa9166f669340f7581ea1024af713bd96670b04bb39c31

Files

675102b49b1c82ff8caa9166f669340f7581ea1024af713bd96670b04bb39c31
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 159KB

.text
Size: 159KB - Virtual size: 159KB