xloader | b608ab68be0456f2f6f6b60ae47896b26a77df35590edac630d1d4d2be4d3381

General

Target

b608ab68be0456f2f6f6b60ae47896b26a77df35590edac630d1d4d2be4d3381
Size

164KB
MD5

532d16515e668cf0d8c2b64036f97eed
SHA1

cdaad81ae022824b6b6791c06ca23793d2fc2066
SHA256

b608ab68be0456f2f6f6b60ae47896b26a77df35590edac630d1d4d2be4d3381
SHA512

5be42ca4cd373b44f4204425de247fd543b22181fe02e2902a0b2a8bd5d0eedc7cba44a7093c0fa4fa2debd9db872c22207cfba0b7a6a3872bad4d0ec0fded76
SSDEEP

3072:DzpvD2SXmtHsdooMsg7c75k+6VtBebUAxqlgZmIebofoxYAcon9yg:DVR2+dJMsI25k+mtwbUAq+Y/xY9a

Score

10^/10

rat e3s9 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e3s9

Decoy

sol-labs.com

brillianthide.com

ipswich102.com

ummans.com

chatcure.com

assitante-web.com

buyfudgybombs.com

yilinyk.com

vrchjuhtia.quest

c2spreader.info

4peters.com

nisetrips.com

harrtfordsteam.com

86metaverse.com

metallotherapies.com

sweetsheila.biz

autokeypro.net

leadingporavr.xyz

riseagainthenovel.com

alivewithzyia.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b608ab68be0456f2f6f6b60ae47896b26a77df35590edac630d1d4d2be4d3381

Files

b608ab68be0456f2f6f6b60ae47896b26a77df35590edac630d1d4d2be4d3381
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB