xloader | c1b774df66a8a94a2e51867074792bd4abbb09da0f641de4fb354d891f8ab4dd

General

Target

c1b774df66a8a94a2e51867074792bd4abbb09da0f641de4fb354d891f8ab4dd
Size

164KB
MD5

e6399ca8f2fec3a1c80c4e24d1db0fe9
SHA1

32f586e3d8bdb3cd909714f56a92176642cf5917
SHA256

c1b774df66a8a94a2e51867074792bd4abbb09da0f641de4fb354d891f8ab4dd
SHA512

a1965ff230d2b6b39f1a1ad82fe2a3466fb81a0353571657f41182c55587d453b96ae5be22a39b9f42032846530d66157a5a18172eea008b8eedff166543715f
SSDEEP

3072:M9Rpbk2UI8x3SLDMIC6YC9otELAWU0fL+P5wNuv0Lf:M9XlOinMI//9otELAWUyWC

Score

10^/10

rat k8yh xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

k8yh

Decoy

lift2.cloud

tradeplay.net

familyattorneybg.com

accurbizlist.com

xrcasino.online

walletwriter.space

tiendasbioaseo.com

mrcandywholesale.com

multicoopltda.com

buylebsack.com

pilatesvilanova.com

fendoremi.com

vmfband.com

hrtaro.com

todosartenes.net

glusanka.info

dusa.codes

cfcfcs.xyz

ecostarsenergy.com

tokenbooze.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b774df66a8a94a2e51867074792bd4abbb09da0f641de4fb354d891f8ab4dd

Files

c1b774df66a8a94a2e51867074792bd4abbb09da0f641de4fb354d891f8ab4dd
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB