xloader | 8c18021e65f6bb109b9749bb8d149b70b2f92f7240f0d661682466568f3ced48

General

Target

8c18021e65f6bb109b9749bb8d149b70b2f92f7240f0d661682466568f3ced48
Size

164KB
MD5

08d901023f80a287aaaa5fd436dd69fd
SHA1

8198322e329a754af33bb0b6d1697fb7626ce5d4
SHA256

8c18021e65f6bb109b9749bb8d149b70b2f92f7240f0d661682466568f3ced48
SHA512

8879af70d582d0b1bcdfbed7e66003adb899b6579482a12f524b2b67743f456704291f66badd5c6e05c009f2edee6279169bf87ced89f21d6d54b3e04dc32a37
SSDEEP

3072:RfxjSJpYjNnoVRtVWLMc5grd+k9tSVF7C9KWSdcc+SMAcq4hGLZs:xxj45JQMcWB+k9tSVs6+lA1b

Score

10^/10

rat qdq1 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qdq1

Decoy

advertising-machine.online

photo.fail

loyaltyfaq.com

7lywzx3mh.com

liberate2024.com

xn--xhqp74a1vhb74b.group

konekt-top.space

portraitsbypaul.com

cattlecoinranch.com

3963.space

egigpay.com

thesouthlandband.com

vickywestmore.com

rewindau.com

21countryplace.com

cuffingseasonfilm.com

variableclement.com

ericksonwebmail.com

lmczedu.com

brw-solutlons.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c18021e65f6bb109b9749bb8d149b70b2f92f7240f0d661682466568f3ced48

Files

8c18021e65f6bb109b9749bb8d149b70b2f92f7240f0d661682466568f3ced48
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB