xloader | f00b216cdd0c6ee448c4272bc42a36fe6737845f0fd254d483e47b53d216072f

General

Target

f00b216cdd0c6ee448c4272bc42a36fe6737845f0fd254d483e47b53d216072f
Size

164KB
MD5

c254e577e7df7b20f91e077668782f09
SHA1

4b1592f9bf2d3334c1ccec9b072c44d7eccdf141
SHA256

f00b216cdd0c6ee448c4272bc42a36fe6737845f0fd254d483e47b53d216072f
SHA512

067656466254d3b8e0dd0443866b263c924e67a389d69b17b70c3285ba2d318e061d0a6eff26beab6b4a51cc3d967fc46a4efc029d5a88ed47753cf60c70697f
SSDEEP

3072:NbJXJjfPgpyYKbunkMq+gHDhMaNtY+zDDfvU4BKrXmmX0:N1i5kMqRjhFtY+z3fvFBKr2L

Score

10^/10

rat znhk xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

znhk

Decoy

party24.cloud

hezeds.com

vegxtasy.com

bostonstretchlimousine.com

astrologyplatform.com

cleversonsilvaadvocacia.com

deepenthebond.net

livestreammoneymachine.com

bodogbeds.com

manusmith.com

zycjsq.com

reginejohansen.com

honinghelden.com

bastrocoxinhas.com

stateserver.com

communage.com

jessicapierce.us

scum-th.com

enriquecabezas.com

uprgoad.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f00b216cdd0c6ee448c4272bc42a36fe6737845f0fd254d483e47b53d216072f

Files

f00b216cdd0c6ee448c4272bc42a36fe6737845f0fd254d483e47b53d216072f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB