xloader | 22699d6bcc323a2514d6a409c9f99da3a63bc88efb5797ba2333a6bddda37146

General

Target

22699d6bcc323a2514d6a409c9f99da3a63bc88efb5797ba2333a6bddda37146
Size

164KB
MD5

0c10d7d85fec172b98181c00bebc9899
SHA1

a66b9d3fad7efc45522b312a63c9cea8578eca67
SHA256

22699d6bcc323a2514d6a409c9f99da3a63bc88efb5797ba2333a6bddda37146
SHA512

7fa017d29058b1392e682d08bf8da26b92bbd4b16963445e6de41f3c16066e6bdb1d4a20465417653347b5e4dab349f2dd61aa058906bc7a04823164641a22f6
SSDEEP

3072:PPp/Z62Fkc/5I29kMntfNc2ktNjcJ+WLBmgBqhmbtbDb8yoEq:P9dbRmMn96VtNjcJ++YnmbpDb83

Score

10^/10

rat apg5 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

apg5

Decoy

huihengde.com

oneoaro.xyz

dcdowlfoen.com

campjyounoyome.com

blockart.digital

vsajobs.net

isx-devops.net

buyinerie.com

1001clothing.com

thejoyofdrinking.com

richgoldfever.com

tandooriexpressrestaurant.store

mgav99.xyz

modnybutik.com

f-b-r.com

learn-i.com

ybjoxuvb.quest

g4cp.com

lmdfmall.com

chiclilys.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22699d6bcc323a2514d6a409c9f99da3a63bc88efb5797ba2333a6bddda37146

Files

22699d6bcc323a2514d6a409c9f99da3a63bc88efb5797ba2333a6bddda37146
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB