xloader | 051ecf2f173c94727c74e2a69f88a0ad92354172f97a3c561f8caba3f00fc694

General

Target

051ecf2f173c94727c74e2a69f88a0ad92354172f97a3c561f8caba3f00fc694
Size

164KB
MD5

055b10fab4df97f0aa727d774dc48c13
SHA1

e87d15d8cb90b459b3eb73fc469e913332e19e26
SHA256

051ecf2f173c94727c74e2a69f88a0ad92354172f97a3c561f8caba3f00fc694
SHA512

6507e17cfc24947576fd19d6d9932c2f0738c4f9f1cc558bec50f0c00f99fcd9f81f711b5fd8251365d10d825db883f5b6faa04dcc36f189f51f9216c891c99c
SSDEEP

3072:yaJ+XjCTExbU3BBTMWx/gZf9Wd75nYPDC3YvkZi1Y66tXKHmG:y7XaXMWd4f9W75nYPimki1Yvt6H/

Score

10^/10

rat rbrt xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rbrt

Decoy

murphypowder.com

roof.rentals

portalcidadaniaitaliana.com

rosettbeloof.quest

topup.website

flinorease.com

snakncity.com

megasaldaolu2021.xyz

taichan.xyz

4x4education.com

metaversealive.com

xyzvoip.com

finansresultation.com

camperstales.com

shmckeji.com

cinzakother.quest

wdgjdhpg.com

scottsregalcleaners.com

azaz2.xyz

nate.sbs

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
051ecf2f173c94727c74e2a69f88a0ad92354172f97a3c561f8caba3f00fc694

Files

051ecf2f173c94727c74e2a69f88a0ad92354172f97a3c561f8caba3f00fc694
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB