xloader | 2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88

General

Target

2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88
Size

164KB
MD5

4b4d427e49d491bbc1adc12c58d4f3cb
SHA1

e81bc2f464ecd2b5320541276eb164f7b985faa3
SHA256

2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88
SHA512

81d784ff66160d97e903bad07f30db03115b9b155116d4b36534e221994029a6fda11740b7db02b3c26c281353810f4422892d4cc95f3224c512f882c4f84eae
SSDEEP

3072:sFdJPljcg5l+lhlTgMxTunY7WX49t05yGDqq36Z6PuW3w2RwQ3:ofqZkMxUmWo9t057DqqqoP/wqw+

Score

10^/10

rat vfm2 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

vfm2

Decoy

alfaiptvturkiye.com

snagged.xyz

sarrosh.com

jpitkin.com

shiningproent.com

welcommon.com

oglesheatandair.com

qtomdnwj.xyz

threemee-pictures.com

refractory.online

ethercut.com

uniformityenegotiate.com

hawktech.club

adventplus.online

tuntun-newmarket.com

tiendasnea.online

thegranitegalleria.com

trawk.club

gold2guide.art

skphoolmakhana.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88

Files

2c4034886e9bf75b878912557f5d3bcb759dbc5e87406a9d0f774fb2b2262c88
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB