xloader | dd7c780b9299e0b5507b94577a081c31c10cbb37110ef41cfe6abc831b0b3ca7

General

Target

dd7c780b9299e0b5507b94577a081c31c10cbb37110ef41cfe6abc831b0b3ca7
Size

164KB
MD5

4dccc2eee9da97610a0ab48e0590205d
SHA1

d02d8b7b0b7e959a01a2cedef3a93b85ba027cf6
SHA256

dd7c780b9299e0b5507b94577a081c31c10cbb37110ef41cfe6abc831b0b3ca7
SHA512

c4cb6f4794c350da59d2c34f8d92842d90a58380a9c8ed2d9deab541570829349538cac920d409399f7c0e7a711597b56330c3a3d344286df05c4c9ddd678504
SSDEEP

3072:MRJQG2rBuOGBIvMlVYLWmBScMNzki/t27wTkbm3LHK0SV:MM6VSMlcWKScMNzk027A5K0SV

Score

10^/10

rat noi6 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

noi6

Decoy

sukiller.com

finistere.today

pipandelli.com

thegulfweek.com

piggoz.com

leofighters.com

hkako.com

rafipuff.store

gxzcgl.com

mayuracaps.com

merry-ux.com

classicalequestrianacademy.com

pancakesawp.club

theinspiredfutures.com

dunkadogllc.com

bklmkm.com

glow-fabric.com

b2bxcal.xyz

autostorageco.com

ellyandjessee.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd7c780b9299e0b5507b94577a081c31c10cbb37110ef41cfe6abc831b0b3ca7

Files

dd7c780b9299e0b5507b94577a081c31c10cbb37110ef41cfe6abc831b0b3ca7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB