xloader | 4696c215faee4233a32ed9d6d76ff8a9e71ef1899280f689222b564c2069e51b

General

Target

4696c215faee4233a32ed9d6d76ff8a9e71ef1899280f689222b564c2069e51b
Size

164KB
MD5

bf3ff4eacc21daa94c2eacc9977bcb9c
SHA1

cf94cd8d8ffb7b1e191bfd27a42e721191fba819
SHA256

4696c215faee4233a32ed9d6d76ff8a9e71ef1899280f689222b564c2069e51b
SHA512

1a19bfe3db30b9f09819e9d60ab0bfb7d58207005950806d4fa7a627def09509c46991f97a0d869ba4e45c5945dbd3eba624489b6f5fcd04a50638f88ad77b41
SSDEEP

3072:cMpfA+O2j521b+vMC6eFsPo0Cti9vfOCZPzDLu6QPAqH7GuUqqrW:c4AKawMCZsQ9ti9nOChPIAW

Score

10^/10

rat pot0 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pot0

Decoy

zjyylzll.com

adstore.online

4dflexipro.com

floridacaterpillar.com

yokoothai.com

cardealdistribuidora.com

93robot.com

aftok.net

jinzoboko.com

just-win.today

hauzit.xyz

retreatinthenature.com

moskovskiedevchenki24.com

bet2.info

evertownapartments.net

hackensackmovers.com

charlizz.com

pordges.com

retrorecycling.com

martynbarretthospitality.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4696c215faee4233a32ed9d6d76ff8a9e71ef1899280f689222b564c2069e51b

Files

4696c215faee4233a32ed9d6d76ff8a9e71ef1899280f689222b564c2069e51b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB