xloader | 9388d7e69f2d418a13932d577ac8f8bb6349166184cf53b39e0e6681fec203ae

General

Target

9388d7e69f2d418a13932d577ac8f8bb6349166184cf53b39e0e6681fec203ae
Size

164KB
MD5

51341a171ea7575ab84b7d6028ee52d5
SHA1

a2e9178dc95d4bb563a5c8304c857c740a7a19e7
SHA256

9388d7e69f2d418a13932d577ac8f8bb6349166184cf53b39e0e6681fec203ae
SHA512

c49f201f881c5ef6526d15dc7d3617b7dfd01b1de1d700ea726d3b18ff59cc5c1227c404fc07a8bd45750d76e89755266daf76c3f081ccb384a4e7d8e916fa4e
SSDEEP

3072:/Jpux2H2q/2VtMBEUOPyjNxjaeD3ARpLU77ZBGwkSRc7Pg:/ulHMBTMUNxjaGAR2gSRc7P

Score

10^/10

rat wgau xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wgau

Decoy

unifonic.asia

writetentown.space

gold7guide.art

dunya.info

beyondescapenh.com

resourcefuldemo.com

casinomavi46.com

shengjuzb.com

lameducation.com

ajuna.network

pal-tread.com

charlottesbestroofcompany.com

john-erickson.com

fujitsu-mtc.digital

debbieforsenate.com

haduystudy.com

shiftframework.com

aap-philippines.com

startstwinkleplanetsdont.com

elturista.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9388d7e69f2d418a13932d577ac8f8bb6349166184cf53b39e0e6681fec203ae

Files

9388d7e69f2d418a13932d577ac8f8bb6349166184cf53b39e0e6681fec203ae
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB