xloader | 65c29ea9a8e68a6857ab0ece877bc40e50322c6e6873c3b44f62033c0ee6922d

General

Target

65c29ea9a8e68a6857ab0ece877bc40e50322c6e6873c3b44f62033c0ee6922d
Size

164KB
MD5

7a122a0a05f58698a2b50790399355af
SHA1

ebcddc891a81037f5a8e9e652e4ebc5e3f706fc1
SHA256

65c29ea9a8e68a6857ab0ece877bc40e50322c6e6873c3b44f62033c0ee6922d
SHA512

7c6c29858fa6b5a405894b8b65cfa5b769a89ef607fd06555a6ff9ae01de45369ea24a2a78b98a2956e7e751e9d9ff673e2c3d79e4e3fe1f86107a8c01577dd3
SSDEEP

3072:LDp/1b2y/SCeCAMq8TA6pxedIQUriScih6j7gWXZz9GzFb1YU:LV1jqXMqUbpxedIQEi6h6j7gWXZz9Gzt

Score

10^/10

rat o6tg xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

o6tg

Decoy

turkscaicosonline.com

novelfoodtech.com

zgrmfww.com

gestionalcliente24hrs.store

postrojka.com

tapissier-uzes.com

tobytram.one

preamblegames.com

clicklinkzs.com

franksenen.com

beautygateway.net

foils-online.com

aout.us

promarkoperations.com

alignatura.com

changemylifefast.info

minbex.icu

internethustlersociety.com

chinacqn.com

fibsh.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65c29ea9a8e68a6857ab0ece877bc40e50322c6e6873c3b44f62033c0ee6922d

Files

65c29ea9a8e68a6857ab0ece877bc40e50322c6e6873c3b44f62033c0ee6922d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB