xloader | d4575689b726d4ec925f20a30a47660b3a5cc4521a7c294582e42a05f4c4046e

General

Target

d4575689b726d4ec925f20a30a47660b3a5cc4521a7c294582e42a05f4c4046e
Size

164KB
MD5

e940d2599e28cac74090360feb9f7366
SHA1

2bc24f04829d6f89732883d09088cdb5dfe40e84
SHA256

d4575689b726d4ec925f20a30a47660b3a5cc4521a7c294582e42a05f4c4046e
SHA512

8e6930368d966682ae19c6ea52787b9e5cda6d3acba50eccc4d81b668b5b1156f315f456df8e0815d3859449a51b767e41473e79e1899a62910b96e8237bd74a
SSDEEP

3072:jKpWaAO2dtwRLFXMORm5jdmPt/d1onhudKmtylkl5sZw4g72:jD3Q9MOkZat/dChudKmukl5sid2

Score

10^/10

rat itq4 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

itq4

Decoy

worklocalcortland.com

hostydom.tech

ittakegenius.com

clarisfixion.com

totalzerosband.com

shop-for-432.club

exploremytruth.com

skarpaknivar.com

teknikunsur.net

shoppingclick.online

808gang.net

solobookings.com

mikunandina.com

insumedkap.com

kingdomcell.com

qabetalive838475.com

foxyreal.website

filmweltruhr.com

pokibar.com

girassolpresentes.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4575689b726d4ec925f20a30a47660b3a5cc4521a7c294582e42a05f4c4046e

Files

d4575689b726d4ec925f20a30a47660b3a5cc4521a7c294582e42a05f4c4046e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB