xloader | 858c7fde275701f5bfe2ab523c7b885d4c3da3bf315a9c7063392676e1ffb145

General

Target

858c7fde275701f5bfe2ab523c7b885d4c3da3bf315a9c7063392676e1ffb145
Size

164KB
MD5

33f879f6da6205a8ebebea967306c320
SHA1

45f5d85d7eabdf32d8f1cfa53e38c0a205858e4b
SHA256

858c7fde275701f5bfe2ab523c7b885d4c3da3bf315a9c7063392676e1ffb145
SHA512

2f80a55c92f8e50a8b545f410f5c985cac667efe2b6339c17acae5b745aefe649ace9f3bcfbd12d5bc550561c0564f5e9d68160c797f6dfa3612d8af29732d57
SSDEEP

3072:eQpvh29lVBfn8wNMIETXgPNSNIsAF+QdJkhNbx+PDHSV:eQwBEQMIEwPNFsAF+QwhMS

Score

10^/10

rat pout xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pout

Decoy

leadergaterealty.com

k7bsz.info

laidjapp1.com

eastcountytaxi.com

betterlife-uae.com

materaiku.com

chanhxebinhthuan-hcm.online

06gjm.xyz

67t.xyz

here-we-meet.com

screened-articletoseetoday.info

lucykg.club

mujdobron.quest

susakhi.com

funtabse.com

unlimitedpain.com

2ed58fwec.xyz

weighttrainingexpert.com

allisonsheillax.com

yektaburgers.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858c7fde275701f5bfe2ab523c7b885d4c3da3bf315a9c7063392676e1ffb145

Files

858c7fde275701f5bfe2ab523c7b885d4c3da3bf315a9c7063392676e1ffb145
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB