xloader | 656cb950e3811873a4659d8057e39a78d9eb44df652b691ebc027f2cf7a325f5

General

Target

656cb950e3811873a4659d8057e39a78d9eb44df652b691ebc027f2cf7a325f5
Size

118KB
MD5

54945dbb053aafab1c50281086860da9
SHA1

9b36e4fad311dd788b4748781d45ece2aa09b6f8
SHA256

656cb950e3811873a4659d8057e39a78d9eb44df652b691ebc027f2cf7a325f5
SHA512

52a5d9afa99bb8ac5cf4608f0203782321028b859c46ee398894a24aee3e50ac867559460212035e232947f61362890e8c08e0774650e37c6460e704576cce74
SSDEEP

3072:mOMhvsKxuSKijcf9R1bQ2pi8apKCnKR2TtjQdF28b58HLnzOo:5MhkIxrjcV7bQYapKCK0TtjQdF28t8Hl

Score

10^/10

rat cvrn xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cvrn

Decoy

nxwatson.com

thegoodskart.com

jamiewaack.com

starvideoproduction.com

htwengenharia.com

shqipria.info

mybeauty.education

pphemr.net

relaxmorning.com

cunix88.com

bhartiyabrand.com

sofiedeneef.com

chabakaton.com

qianyanwanfu.com

testamentvorlage.club

gm321.com

dataxamarin.com

guktree.com

castroarchitects.com

prize-ad.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

Processes:

resource	yara_rule
static1/unpack002/bin.exe	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/bin.exe

Files

656cb950e3811873a4659d8057e39a78d9eb44df652b691ebc027f2cf7a325f5
.zip

Password: infected
ac9c52d3109bb9bd7532115471968c43e607cc1bfa726865b7d7abf5c7cfc256
.lzh
bin.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB