xloader | 1fba00a27b570385511a8c1eb063cc85654ac641185fe6e12df0ab8c8d7f0087

General

Target

1fba00a27b570385511a8c1eb063cc85654ac641185fe6e12df0ab8c8d7f0087
Size

164KB
MD5

1304d2d4779fb3feb9dc8515b861e142
SHA1

79ccf01d515027cdb0c6b3aa87170d23a2fd23c8
SHA256

1fba00a27b570385511a8c1eb063cc85654ac641185fe6e12df0ab8c8d7f0087
SHA512

923580fc9fa37393429ac5f0229c92741475865e5506601d555aa06d1279f0237d40b57271408539f27804294bc577df8a1db19d97f981fadf07a023b2817daf
SSDEEP

3072:HKpEgX2wa3blcL3M29lHvMpTF5NrODUEl+7xE1h0aEyBUyLI/x:Hdgm2TM2LPszNrO7kKwRqx8/

Score

10^/10

rat b6sq xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b6sq

Decoy

online-arbeiten.net

thegreatkitchen.com

ibecursos.com

malibumensretreat.com

refreshpad.com

onlinemusicfestival.store

sevenfigureaffiliatesecrets.com

zero-infekcji.com

domdata.pro

3nvud.info

dovvnergroup.com

darumallc.com

fileparrot.com

gzzhetaizy.com

workforma.com

bunjabaits.com

ohmisoul.com

caroleitalo.com

crice.net

1680557.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fba00a27b570385511a8c1eb063cc85654ac641185fe6e12df0ab8c8d7f0087

Files

1fba00a27b570385511a8c1eb063cc85654ac641185fe6e12df0ab8c8d7f0087
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB