xloader | ecaf982244b42972b65eece74e724d11d30a69fe8e14aa1f211b0f531464f16a

General

Target

ecaf982244b42972b65eece74e724d11d30a69fe8e14aa1f211b0f531464f16a
Size

300KB
MD5

eb75f5da7e71e46d6300413ca4b4d79c
SHA1

6b5fc86d61dda79e6095e893a2b8d38303bc3594
SHA256

ecaf982244b42972b65eece74e724d11d30a69fe8e14aa1f211b0f531464f16a
SHA512

97187a62cb88c5f1112fc0d20e245fd6831fa8d45626848e85d7b5feaeec738e0af3a65c25719cd33b1b214641cb5e7ff27711bfd4d0fd15ebf17ae5a5aa085b
SSDEEP

6144:0ZCj7eYxhJXmMcV7F+dTJuYgSAVRPakvP4buxg/SfQWV:v7DyTV7FmXgrakvQyx8SfJ

Score

10^/10

rat ihg0 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ihg0

Decoy

mdmonoclonals.com

bologna-wine.com

threensales.com

slottomb.com

precisionmedicalbillings.com

sailorswife.online

agentguidebook.com

varharmvin.report

0eh.biz

osotactical.com

hpdsde.com

waryavier.online

raniisa.com

dreamemarat.com

superiorazmade.com

kinetoscopia.net

koomall66.com

klayraccoonman.com

pascal-rocha.com

initialepharma.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecaf982244b42972b65eece74e724d11d30a69fe8e14aa1f211b0f531464f16a

Files

ecaf982244b42972b65eece74e724d11d30a69fe8e14aa1f211b0f531464f16a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 192B

.rsrc Size: 213KB - Virtual size: 213KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 192B

.rsrc
Size: 213KB - Virtual size: 213KB