xloader | bc68f1c3e90d38b089534333bded35a4c736b1d18bce2b2fe151a46a53ca390d

General

Target

bc68f1c3e90d38b089534333bded35a4c736b1d18bce2b2fe151a46a53ca390d
Size

160KB
MD5

d1a9b9e29edfb6ddefa1fe00e9486f6e
SHA1

4f8484df9b6ef4b54fbd7ebd882e10a155bc87f2
SHA256

bc68f1c3e90d38b089534333bded35a4c736b1d18bce2b2fe151a46a53ca390d
SHA512

3e87c8b6cac73fc46387891bda1c58d5ba0d3bee26f8c66eecbe4af976c5b8bd9c6b5bc3898743ebd488bf930077d3f310ac606c6332e120914ebb454274c4a0
SSDEEP

3072:xBZSvTHTdARBhBo6eenWg1bnQIZlOid/aJQ3dQO7n8s5R0498yS:1IqPo6tWcbn/Oid/aW3dpT8I8d

Score

10^/10

rat ianv xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ianv

Decoy

toysclass.com

baohiemthuduc.com

dronesracers.com

wallis-platform.com

waltermorgan.fitness

vsn-designs.com

cengjing.life

trackcatologueorders.com

newworkpay.com

brainywoodindia.com

myrtlebeachstripperstoyou.com

saori.cloud

10fastvpn.com

freemindsweden.com

phatsquares.com

pandemia.tienda

7560eads6.com

sabjidada.com

zhyingj.group

nailmanicurest.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc68f1c3e90d38b089534333bded35a4c736b1d18bce2b2fe151a46a53ca390d

Files

bc68f1c3e90d38b089534333bded35a4c736b1d18bce2b2fe151a46a53ca390d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.text
Size: 156KB - Virtual size: 155KB