xloader | d88eeca06a1c8b4b6c91ddb9fabf25ca1b979a663420cf3e0edab23e5d1753f9

General

Target

d88eeca06a1c8b4b6c91ddb9fabf25ca1b979a663420cf3e0edab23e5d1753f9
Size

164KB
MD5

da727d60399a87adbc0bb04c270ebb50
SHA1

b0ad15572764e1d5cde813aab3edcdae5b4a91b2
SHA256

d88eeca06a1c8b4b6c91ddb9fabf25ca1b979a663420cf3e0edab23e5d1753f9
SHA512

278501b2f137655c093fb9d4d5674259ac476d8c72a72f3cb8bc070ae781e9a78ada70f090c683dc34b817e60a27dec5dec8785e4597d10c861a6df5ff2327a6
SSDEEP

3072:qJaptMR2qrwbx7VM9m2xsQDNG2eJsdupS5I4Ms:qJgSUhM9nicNG26sswZMs

Score

10^/10

rat mndk xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mndk

Decoy

amusingpay.com

noledgetest.xyz

kassusalesltd.online

homeawayfromhomedaycare.biz

qbrilliant.com

zilllowclosings.com

damasanjonline.com

skategrindingwheels.com

budistx.com

sexrexy.com

aurorarefrigeration.com

apphlcp5588.com

lojadoxadrez.com

akiruna.com

torgash.space

trajectoire-occitanie.com

londonescort.xyz

eduardoorosc.club

transostrea.com

greggassociates.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d88eeca06a1c8b4b6c91ddb9fabf25ca1b979a663420cf3e0edab23e5d1753f9

Files

d88eeca06a1c8b4b6c91ddb9fabf25ca1b979a663420cf3e0edab23e5d1753f9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB