xloader | f89a477dfb7524fbf8f8e2826d701bd9760ccfa53ada19fa33ec6da2a2ef6707

General

Target

f89a477dfb7524fbf8f8e2826d701bd9760ccfa53ada19fa33ec6da2a2ef6707
Size

164KB
MD5

ffdce53804114c8dcf2cf7ed0fd67db3
SHA1

7072601bb01032402fd7428414cafa314825b17a
SHA256

f89a477dfb7524fbf8f8e2826d701bd9760ccfa53ada19fa33ec6da2a2ef6707
SHA512

d86907f29a832d34af058a2319b43447de8f6e8751eac34d6615d30426709edfccaf4782399a13ea6a29cb26a9d29a5a92eeef41c69bd716a367aa42c4276fd6
SSDEEP

3072:pJJQEjuLsu25lGUwM9y7KwXyWNNIyDJ9avpboyMLySx3nC:p07ZlM9aXXy2NPTavl093n

Score

10^/10

rat u2po xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u2po

Decoy

alaiport.com

frenchmaisonmall.com

bludienst.digital

icaterparties.com

www361212c.com

oceandragonmanhattan.com

addsinfo.com

bananothing.com

bolimtrading.com

jsgunworksstc.com

haomu2021.com

blueskydrywallpaintingllc.com

der-kuechenmann.com

menciabarbershop.com

luxeeretailshop.com

thelifeinsurancebook.com

mysteelmarket.net

elreporteroonline.com

shopfittingshop.com

crosschainloan.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f89a477dfb7524fbf8f8e2826d701bd9760ccfa53ada19fa33ec6da2a2ef6707

Files

f89a477dfb7524fbf8f8e2826d701bd9760ccfa53ada19fa33ec6da2a2ef6707
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB