xloader | e8fd1fe417b0cb9377670fb2b9ba71fef92ff54aa6a2abbf1b8a829c3f639639

General

Target

e8fd1fe417b0cb9377670fb2b9ba71fef92ff54aa6a2abbf1b8a829c3f639639
Size

164KB
MD5

695967dc3655479079d0cd1b9face3ba
SHA1

b2ad06614fb66d7f0d60166b56f37c9cb4bc218c
SHA256

e8fd1fe417b0cb9377670fb2b9ba71fef92ff54aa6a2abbf1b8a829c3f639639
SHA512

7e02aaf4624a84ca6c811cab9f0e8ca18a9465593236bcf82e60297718c8d97acdcd248f111f859d08f08fa89a03f187bf224d6ea2ab30e04e62dcf4be8bb020
SSDEEP

3072:RJBQ2537tj/IMSoHanSor9eYzcLs22D1tyq3l:9JpgMSEQSor9eYz122H1

Score

10^/10

rat fnn4 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fnn4

Decoy

printallcity.com

fabrika-zdorovya.online

hangwithx.net

huibao5.com

atlantahousingsolutions.com

gamusemenu.com

centroculturaltranscendere.com

findaneasyjob.com

linguimatics.com

acaadjkhdakjkdh.space

512mulching.com

steelseries.biz

esgnotifier.com

ruitavares.com

dwx36.com

achievingrecoverytogether.com

stablebot.tech

iranianroom.com

lapp1.com

philadelphialaws.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8fd1fe417b0cb9377670fb2b9ba71fef92ff54aa6a2abbf1b8a829c3f639639

Files

e8fd1fe417b0cb9377670fb2b9ba71fef92ff54aa6a2abbf1b8a829c3f639639
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB