xloader | df49f89e3d71b4bedf1306bd6bf00c354ee68647165b888326708385e0143663

General

Target

df49f89e3d71b4bedf1306bd6bf00c354ee68647165b888326708385e0143663
Size

164KB
MD5

ca75ffe1bbe3a064c9b44133e2e0c27d
SHA1

936b678854094419459cadadc9368244f69f1f60
SHA256

df49f89e3d71b4bedf1306bd6bf00c354ee68647165b888326708385e0143663
SHA512

0c85bdbce086333664f42f1e8055738d2cc91f3018dfb341aa85a89e6933a96aeeafa0dc4c78f1ddd4ba935ed2798b1fbe92ee8d3ce86111cece0e6c97cac96f
SSDEEP

3072:1GpGQ2XF3f7S3Muzk0AHSNpmbXNCqlxRZGAGUJwlVL:1r1DEMuYhHSNpmbIqlVKlVL

Score

10^/10

rat sa3t xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sa3t

Decoy

mendazilima.quest

britishdrivers-uk.online

clear-rails.com

emagrecacomsaudesempre.online

sppn.info

prestigepropiedadraiz.com

therenewalprojectmastermind.com

mileylovu.com

lmhaglund.com

apentrenadores.com

charminggrooming.com

pgonline888.online

powify.net

deadlyubohe.quest

testimonial.direct

59sth.com

scbnetcomn.xyz

gejservices.com

kemalilik.com

romcollectionmelbourne.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df49f89e3d71b4bedf1306bd6bf00c354ee68647165b888326708385e0143663

Files

df49f89e3d71b4bedf1306bd6bf00c354ee68647165b888326708385e0143663
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB