xloader | 2689188c95daea0638c99aa09223f44a90e2e7f2e8b77b30f6f4b35cd2e212eb

General

Target

2689188c95daea0638c99aa09223f44a90e2e7f2e8b77b30f6f4b35cd2e212eb
Size

164KB
MD5

6810355238b534afce0919a60f0b1d30
SHA1

035cf515758ca6a382454d3f4a5c9f6c7e7abaf2
SHA256

2689188c95daea0638c99aa09223f44a90e2e7f2e8b77b30f6f4b35cd2e212eb
SHA512

fadb2e291395dc3c159b05db16238666ee6a6e444674d3ff4cda13890c0577375644a4f3b189f042869d1c9c758e2c4f358ed3a7b711db82e0eb1b4bcb687c01
SSDEEP

3072:DyJQYOjI3LVgtuMWiMqnhO7v52tZkcMemyo1e2nfho64i:DZIYpMqn07h2tZkbGoDfLj

Score

10^/10

rat p4sm xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p4sm

Decoy

sdlfhkjds.com

artplay.xyz

companyintel.tools

upyourstatus.store

hale-houkan.net

ktth770am.com

mymaidprofile.com

pyrmontwealth.com

vulcanopresale.icu

stepaheadboutique.com

fendoremi.com

amazemedeals.com

comunidadsgi.com

aedifice.group

samsamfb.com

onlinegiftcards.xyz

idodevice.com

itsme-i.xyz

snthm.com

scanourcan.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2689188c95daea0638c99aa09223f44a90e2e7f2e8b77b30f6f4b35cd2e212eb

Files

2689188c95daea0638c99aa09223f44a90e2e7f2e8b77b30f6f4b35cd2e212eb
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB