xloader | 34bcf85a822dafdd97806718e7efb9fee31751579f2777c9d9fb8ade79f11bb1

General

Target

34bcf85a822dafdd97806718e7efb9fee31751579f2777c9d9fb8ade79f11bb1
Size

164KB
MD5

7541d55e74a95833e5a77308cf0a4c87
SHA1

38b33fd201be864c24a0f47b3203736d12a1d95d
SHA256

34bcf85a822dafdd97806718e7efb9fee31751579f2777c9d9fb8ade79f11bb1
SHA512

8c9430042b85afd24780e67c219a3f340bea6a8cb263c62f8ccd191ddb642c1fc58e5ec5f4c8071d7b03fa85fe271ebb629619cbc7abd71e318b6fdca792e2ae
SSDEEP

3072:vJGdk2M0igsK8McSzWlv79m0LN/OXd2Ofqcc5TJMHk:EXOnMc2av79m0LN8dTfqc

Score

10^/10

rat ciaz xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ciaz

Decoy

jobgeist.com

pxwss.com

nathanaeljeffrey.xyz

rhoypl.biz

avachaturbate.com

xvideopornfilm.com

heser.net

olphschoolcrabfeed.com

ballygallycastle.com

attunetouchandglow.com

wwwswanciitaphotography.com

inspinevision.com

ebabadofood.com

glenngreerforlyman.com

stickojfni.online

cursophpbr.xyz

thefindommistress.com

8c9myn92dzep.biz

alexamedia.art

rarerp.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34bcf85a822dafdd97806718e7efb9fee31751579f2777c9d9fb8ade79f11bb1

Files

34bcf85a822dafdd97806718e7efb9fee31751579f2777c9d9fb8ade79f11bb1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB