xloader | 2cc9a5a6920ebb19f01181f51492f0e3cfc6980ee867a13f2a1bf769019b72e4

General

Target

2cc9a5a6920ebb19f01181f51492f0e3cfc6980ee867a13f2a1bf769019b72e4
Size

164KB
MD5

f30f18036453eb6b2824ea8a28dda89d
SHA1

c818f54246adcf36c3484a9c184575644361ffa8
SHA256

2cc9a5a6920ebb19f01181f51492f0e3cfc6980ee867a13f2a1bf769019b72e4
SHA512

ce5a382ce3de700b73a53be1cfc39a1ee8d476a97a931a7366e8ce032bd78a95e8a062ced86b1ca99a9cf3138991d96a2802d80c0f374a7c8faba0e3eb24e2e6
SSDEEP

3072:s4pXd92SbAJWDO5IM7bv5fO5yNoeRwQnfGMd3dDUMyxr:sGd+2OGM7F2INoeRwCldDUMy

Score

10^/10

rat bifp xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bifp

Decoy

empiremunitions.com

basyz.com

onicstore.com

jeanillebonterre.com

staff-able.com

greenteambuildingservice.com

zdeju.com

whittlersgardens.com

opluence.com

highaltitudelife.net

pfizics.com

classbcampervan.com

ptintelligence.com

jiashengrivet.com

artteamhoke.com

pgmmbyfv.xyz

standardizedsubmissions.com

fraudtransactions.com

bradysbeans.com

alahlyfc.club

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cc9a5a6920ebb19f01181f51492f0e3cfc6980ee867a13f2a1bf769019b72e4

Files

2cc9a5a6920ebb19f01181f51492f0e3cfc6980ee867a13f2a1bf769019b72e4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB