xloader | e8175dba278de689c495ae8cfbefd9d5b4edf3546986365ae9efb209b372953c

General

Target

e8175dba278de689c495ae8cfbefd9d5b4edf3546986365ae9efb209b372953c
Size

164KB
MD5

9c52e4780f7dc98b205a7b9630f05c40
SHA1

270dd6326c9a6cabc7bcfb2e52a1e62042dd2d09
SHA256

e8175dba278de689c495ae8cfbefd9d5b4edf3546986365ae9efb209b372953c
SHA512

f408e36ee55d4107f2c5caf01bbae8dffabdd22f4de4179f42e31d63e068217941a69a32363fdaefaf4c545ca0af4735881e080cc5da192549a82fc86b969206
SSDEEP

3072:2J242R8189NUDMYc5xF0At1Z6ibZD/3y/IiuFzGfd46:3GuN6MYOb0At1Z3BCAibf

Score

10^/10

rat grfd xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

grfd

Decoy

jigservices.net

redis76.com

adalinehickcox.com

qihua001.net

andreasbeautybox.com

johnathanos.xyz

darkday1.xyz

cantikgroup.company

ancestryheritage.com

comeitfrog.online

worshiprofzor.xyz

liamkitson.com

boutique-pulsar.com

sbkngppf.xyz

nexagis.info

proformance-roofing.com

dimitraandpanagiotis.com

grupoandiremaggi.com

chusangchae.com

helmex.store

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8175dba278de689c495ae8cfbefd9d5b4edf3546986365ae9efb209b372953c

Files

e8175dba278de689c495ae8cfbefd9d5b4edf3546986365ae9efb209b372953c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB