xloader | ea57f9d3aa88a76abbf4b7f4a7ee34ecf1f990b208f6a0db7cb87a5415f80cb2

General

Target

ea57f9d3aa88a76abbf4b7f4a7ee34ecf1f990b208f6a0db7cb87a5415f80cb2
Size

164KB
MD5

49c115dc09f1bd0a1349927efc99f80a
SHA1

cfd9b338864885240b5f5e8f15204bac7cfc3d74
SHA256

ea57f9d3aa88a76abbf4b7f4a7ee34ecf1f990b208f6a0db7cb87a5415f80cb2
SHA512

09d9d68f9cc178ed8dd0630b1fe7ff26d91eb1903a6d1313ac6eae994843c3052535870787ccd0691833126da6a2c9450d463f4a1e3a52947f781d84924546cb
SSDEEP

3072:r7pTC8i2a4uof/Q8sMX0Rq6U4tQjxtNSTKBNFrVy:rBwplMX4qj4tQjxPby

Score

10^/10

rat m9me xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m9me

Decoy

kalidas.tech

sonjajoost.com

cursosminharendaextra.com

perfectstudio.net

prof-alians.com

nurix.net

creativeartsfilmacademy.online

versq-valves.com

smartlifeformulations.net

msbyjenny.com

bslol.xyz

shopevinsurance.com

dellstarvr.com

oho828.com

minlicy.com

campeonasavon.com

birthstonia.com

heshi54.com

info1337.xyz

rafaeyza.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea57f9d3aa88a76abbf4b7f4a7ee34ecf1f990b208f6a0db7cb87a5415f80cb2

Files

ea57f9d3aa88a76abbf4b7f4a7ee34ecf1f990b208f6a0db7cb87a5415f80cb2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB