xloader | 73883a28baf98afe2bed6d33f8d6d2878052dc6c1ad46ef8ca1d735e51e5bd87

General

Target

73883a28baf98afe2bed6d33f8d6d2878052dc6c1ad46ef8ca1d735e51e5bd87
Size

164KB
MD5

01bd55da8e9880eb5a90ece0b9704dba
SHA1

d26b21d33773a86f2a1e6a275eee3e79a24185e7
SHA256

73883a28baf98afe2bed6d33f8d6d2878052dc6c1ad46ef8ca1d735e51e5bd87
SHA512

6916573e8ddb082ea5dfe40b754a979be2f5b470745d13b5459e5119e917b49cb5ea36119641677bab395a0b3b9a5b2b2956ab2ff04e133614ba4bcb227fe4cc
SSDEEP

3072:1JLN2WFNFzkHNMWQDjlbLdcFfzNBlQalzKYRdozQ:z7otMWs5bLdcFfzNBlvlzKWF

Score

10^/10

rat s59h xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s59h

Decoy

2028my.icu

svijet-zastite.com

zwinz.store

munixc.info

falcongroupmanagement.com

aerionsys.com

hvbatterystore.com

guidedleveledreading.com

dayral-review.com

globalethinvest.com

mobilecoin.art

routetree4life.com

mas-traders.com

helioolson.com

hrbwanjinda.com

tangerinesafe.com

gabriellemariaphotos.com

uuckpp.com

fzshangmao.net

wanwuchuangyi.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73883a28baf98afe2bed6d33f8d6d2878052dc6c1ad46ef8ca1d735e51e5bd87

Files

73883a28baf98afe2bed6d33f8d6d2878052dc6c1ad46ef8ca1d735e51e5bd87
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB