xloader | 88c9068156cdb07dddedf09a6cb99d1e915c670afed162f90fda12c5fce788b2

General

Target

88c9068156cdb07dddedf09a6cb99d1e915c670afed162f90fda12c5fce788b2
Size

164KB
MD5

2b576d66e84a553a089a0755a36b2bc7
SHA1

b68d6180adc797a718c1d6a26ecc950a6d6d4f1f
SHA256

88c9068156cdb07dddedf09a6cb99d1e915c670afed162f90fda12c5fce788b2
SHA512

7e26dabb5741c82e3dbb0d6683cc037d4ddf9b049c18c8019a0cb45908db4b450514cce16c1eccd918709dcc1fb2b704be95bbe6773547004f35bba5e4f6ac58
SSDEEP

3072:HiJ+m2PKejBfjqJPm39MVL80yAbgMuvfr2qmto+ZnB/Vaa5Ty:HHqVwtMVw75MorrAo+ZnBh5Ty

Score

10^/10

rat uj3c xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uj3c

Decoy

media4play.store

detractsloznk.xyz

istansw.com

best-weight-loss.website

orchids22.com

cjbd68.com

fu5544.com

covidworld.info

nguyenthanhanh.com

aerodisinfectant.com

restaurantebrasasylea.com

woodencok.com

nxtzhhxt.com

tandemfinancialaz.com

newagespiritualitystore.com

thomasophie.online

ottnershop.com

sat-tabacologie.com

tj2988.com

colocauto.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88c9068156cdb07dddedf09a6cb99d1e915c670afed162f90fda12c5fce788b2

Files

88c9068156cdb07dddedf09a6cb99d1e915c670afed162f90fda12c5fce788b2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB