xloader | 629a1a8474f589288da7664b44174ab87c7c60bbefdf2233bccd62b214e8733b

General

Target

629a1a8474f589288da7664b44174ab87c7c60bbefdf2233bccd62b214e8733b
Size

164KB
MD5

edde1c12d71a9cc052e702634420ca9d
SHA1

29a4bb6472bb657e801ac7c46537d2fb27e9ccca
SHA256

629a1a8474f589288da7664b44174ab87c7c60bbefdf2233bccd62b214e8733b
SHA512

1b672b5faadc8218102137b01af8b4f9051751029ef62bb6de47a0a09601e0c9785b4843b1e0ce633d523c83ce671aceb102fba9f37add202245349e1be9f73e
SSDEEP

3072:HJnc2XVmtYWakMa42wgJArdGXLRON2cY9beVG3dHvH:15YzMaBZCrdGXLRQP6gGN

Score

10^/10

rat cnt4 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cnt4

Decoy

thetattoomill.com

novexappliances.com

prizemoon.net

holycrabhouse.com

danielwisellc.com

proyectanegocios.com

detectivesprivados-sevilla.com

iwashitadaiki.com

sf999.pro

ntsetopper.com

lunares.store

parwarluxurycars.com

righteouselixir.com

pntex.website

libbysrealty.com

ottolimo.com

fujinyueba78.com

tenloe091.xyz

mypc-computers.online

tunaliescort.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

Processes:

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
629a1a8474f589288da7664b44174ab87c7c60bbefdf2233bccd62b214e8733b

Files

629a1a8474f589288da7664b44174ab87c7c60bbefdf2233bccd62b214e8733b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB