xloader | fb73e3f6f1b8f0e9e5672b3d65c4656093b3460d8fd0e3f1dbc892106aa75b1a

General

Target

fb73e3f6f1b8f0e9e5672b3d65c4656093b3460d8fd0e3f1dbc892106aa75b1a
Size

164KB
MD5

ace29d2d2f2fc679db6e8a2801e1e268
SHA1

0078304583ab7307d1f45ba1318b91b99223eaf0
SHA256

fb73e3f6f1b8f0e9e5672b3d65c4656093b3460d8fd0e3f1dbc892106aa75b1a
SHA512

033b399f6296e913bba63dabfe5a52b6eb90647a8424fd3b1aeeac59cb68176718aa1c5571222cbe912e7ad5551cbcc860538540a02b92c8b88ce57e0a756759
SSDEEP

3072:hAJa6j+raeLAvwPMT+J4SxUj+MhZHFTYzrIy+GC2J8+w3EMW:hFLSiMTy4SUj+MzHFUYyl8+GW

Score

10^/10

rat ok4e xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ok4e

Decoy

drtuba.one

mosescorrea.com

xn--sxqt5eu0oo9u9la.xn--czru2d

hellounio.com

teamtigers.club

oceansaquariumnyc.com

pordges.com

pinewoodfairwayshoa.com

961115694.xyz

adeelrazza.com

baymillsstudios.com

kobaygym.com

highwaymenstickers.com

ulysse-cazarbonne.com

mintnft.fund

enjoycarousel.com

odemix.com

craftncloud.com

linuxsauce.net

sirtechie.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb73e3f6f1b8f0e9e5672b3d65c4656093b3460d8fd0e3f1dbc892106aa75b1a

Files

fb73e3f6f1b8f0e9e5672b3d65c4656093b3460d8fd0e3f1dbc892106aa75b1a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB