xloader | c52003374544e18a0f6c1ada5678c5807de78937901b1af36a862258395b571a

General

Target

c52003374544e18a0f6c1ada5678c5807de78937901b1af36a862258395b571a
Size

164KB
MD5

c0fb817d8e1a7c09ebf54550f30b3dd5
SHA1

705610b3bf0aba894edb74b39bbe2b378c16a092
SHA256

c52003374544e18a0f6c1ada5678c5807de78937901b1af36a862258395b571a
SHA512

4427592a06c8c7745ac60c29f7f75334fc3c0e17c3a152739fb7b4fbd2e915fe6df1a218488fbfcbd89ce4b1013801f8920d7a4de35b88ff06bef01ba818e9c7
SSDEEP

3072:1J+I24Vjcc7GMBJyTqtXPMGEnTj8iESmtzETl8e:24RaMBUWZMG0TJEniSe

Score

10^/10

rat s54g xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

s54g

Decoy

sharpcave.com

pelitupmukaeksklusif.com

j9mkt68.com

shanxihairui.com

discoverrobel.com

reaching-far.com

surpaascompaas.online

runizy.com

0ef.biz

gospelinvasion.com

la-pepite-verte.com

cerrajeriaenqueretaro.com

bestcryptofield.com

hermosadiosa.net

quangvietdnbg.com

hgtestowpsep133031.com

goymayral.com

kingston-jerk.com

codezonesoftware.xyz

twinkporn.icu

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c52003374544e18a0f6c1ada5678c5807de78937901b1af36a862258395b571a

Files

c52003374544e18a0f6c1ada5678c5807de78937901b1af36a862258395b571a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 159KB

.text
Size: 159KB - Virtual size: 159KB