xloader | 5b96ab2d93a6fc03fd742f7c57e6a8c4005660e80035de70d78c062361b7d46a

General

Target

5b96ab2d93a6fc03fd742f7c57e6a8c4005660e80035de70d78c062361b7d46a
Size

164KB
MD5

91b8cf35b5e5d99e951e12c563549138
SHA1

272176ea06825da66a58fda187e2f1027abd70a1
SHA256

5b96ab2d93a6fc03fd742f7c57e6a8c4005660e80035de70d78c062361b7d46a
SHA512

0f77bb97f468c2822897ae43810b869a252afe4e919fa6723a4d654948656a43e0b3cf2f7506af84364421081b8b2e6ef8d6a0a556e3d9b7140b20d3aab60322
SSDEEP

3072:pApzA2oeYJqfoQMiC74r9XdvA28DWYjLN6Rtc6mVzucA5FSPQ:pw2axMiq+9XdvA28KQkjXm8cwFI

Score

10^/10

rat bh87 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

bh87

Decoy

smvopucollege.com

ounebuy.com

chainmart.xyz

kevinhuntsensei.com

drredu.com

landengineeringcorp.com

ecgrealtyinc.com

921471.com

princealison.top

karvdesign.biz

consultatelecom.com

anrows.net

blackdigi.com

crescentecotechtourism.com

fritzagricole.com

ethicalize.net

palisadeslodgecondos.com

wky6.com

bathandmore-uae.com

buenacomidamerch.store

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b96ab2d93a6fc03fd742f7c57e6a8c4005660e80035de70d78c062361b7d46a

Files

5b96ab2d93a6fc03fd742f7c57e6a8c4005660e80035de70d78c062361b7d46a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB