xloader | c0240003bc6e5f36c38256fe3a0528d106b788ac2ef2f9327f8e8ee23d615625

General

Target

c0240003bc6e5f36c38256fe3a0528d106b788ac2ef2f9327f8e8ee23d615625
Size

164KB
MD5

17cc168d3f1b5a49baf1aae463902bcd
SHA1

2254253aa69a54ef33179ff70e3cf499a344b5f8
SHA256

c0240003bc6e5f36c38256fe3a0528d106b788ac2ef2f9327f8e8ee23d615625
SHA512

e2165497fcf90cf9f1bd7d7bf7b2b35107a4888a12d4a4373d2bcdcc131841ed287f313bcd24745b4079e2d8e89ada1f25bf6998e47d90d93545f47e18c8e6d9
SSDEEP

3072:dDJqifxjE4otbmYH2Y0tMEIxsicm3OFcDdX06oFB4BO:dYQcb92Y4ME2jccYcxX6B

Score

10^/10

rat ubqk xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ubqk

Decoy

tundrat-celltherapy.com

superfinance.club

5x5week.com

687504.com

clarkdn.com

potterypklsck.xyz

4m5k.com

21t8.com

94o2ohfjg.com

bhupendratravels.com

nomadashop.com

w388bet.bet

naturalenetwork.net

tupaqu.com

osooir.com

jengly.com

cbsharjah.icu

tokowallpaperbekasi.com

baggamut.com

upoon81.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0240003bc6e5f36c38256fe3a0528d106b788ac2ef2f9327f8e8ee23d615625

Files

c0240003bc6e5f36c38256fe3a0528d106b788ac2ef2f9327f8e8ee23d615625
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB