xloader | 74de19fc3dbf758565fb9fa4b3fe88511b804b4ef780235ab9932724792afc6e

General

Target

74de19fc3dbf758565fb9fa4b3fe88511b804b4ef780235ab9932724792afc6e
Size

164KB
MD5

85df0981ef10666024a789e14d119dd2
SHA1

7d364a19bfeb8f226606ee3f6c7caff5f52f09bd
SHA256

74de19fc3dbf758565fb9fa4b3fe88511b804b4ef780235ab9932724792afc6e
SHA512

c1f050710798ffd46f6a3c2aaecf24f2bbe3b063e5d28b14ff9248f5e87183485dc72697c3c7c07882f90daf0fd717a2369103d09e0e993248b798d087f415b3
SSDEEP

3072:pJQbN2PyQAiBUM1t84jN8dV8X8oJyBhaFEN3vc4JLmf+yq:UTWSM1W+CdV8XkLk+mc

Score

10^/10

rat 3e9r xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3e9r

Decoy

143411.com

300dh.xyz

win-chance.info

essentialsofbeauty.com

skategrindingwheels.com

jyqtgg.com

exodijuis.com

goodwinpuppies.com

doitlive.online

hello-orchid.com

shangjibbs.com

innovarecic.com

fococomunicacaovisuales.com

completemarine.care

parodistluxuryroll.com

anda568.com

unicorm.digital

weaveapp.xyz

artractions.com

app-ads-network.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

Processes:

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
74de19fc3dbf758565fb9fa4b3fe88511b804b4ef780235ab9932724792afc6e

Files

74de19fc3dbf758565fb9fa4b3fe88511b804b4ef780235ab9932724792afc6e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB