xloader | ddcca1975840b871c53e22c398b3b6bb7d9b4c3f8576ef00951047c44586dd94

General

Target

ddcca1975840b871c53e22c398b3b6bb7d9b4c3f8576ef00951047c44586dd94
Size

164KB
MD5

4e158496c2c1c40e9b95c54cd7b9e434
SHA1

8c3ce229b30e9cbfcc7065e9dca04b39611e043e
SHA256

ddcca1975840b871c53e22c398b3b6bb7d9b4c3f8576ef00951047c44586dd94
SHA512

9926197b7d854d012a890f806ccaf138ed39a815e4081884203dbee262d2b00a45c2dd18e247c7209ca5c0ff61a6b8e3cb839ff966201986b82fd460ecc2e6f4
SSDEEP

3072:ecip9B2iDG0WKhMBML0LESiNNMVR4PvRjgAz87Xb27RQkuCfX:tkpk+MBsNSeNMVR4PpjgAYLb27+rC

Score

10^/10

rat gksn xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gksn

Decoy

thesandyjug.info

italiarepresentacoes.com

esfgo.com

sangyapal.com

biogemex.com

55117788.com

bosshairworks.com

melisaclarke.net

floridadabsters.com

wheelhouseoffl.com

mrbrianalba.com

chazhuangqi.com

tmp-mail.net

northeasttexasperio.com

grandcaymanentertainment.com

h2hwholesales.com

hopeforlifeministries.com

mariankgarrett.store

buresdx.com

sreshtafms.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddcca1975840b871c53e22c398b3b6bb7d9b4c3f8576ef00951047c44586dd94

Files

ddcca1975840b871c53e22c398b3b6bb7d9b4c3f8576ef00951047c44586dd94
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB