xloader | fa67f8c746665f1bfe500bb4c880e3730b344164905b5ee7130bb42c36f95298

General

Target

fa67f8c746665f1bfe500bb4c880e3730b344164905b5ee7130bb42c36f95298
Size

164KB
MD5

b29bf8fd52c91da66d67152623d673d8
SHA1

6e83713fb54744c1d816ab886d3eeb86cdb7e364
SHA256

fa67f8c746665f1bfe500bb4c880e3730b344164905b5ee7130bb42c36f95298
SHA512

8064464f6efb929627f61acd91b0d0170d43fa57fddf408e47d5ed68850fa83e38c2cce2ba9f9b47eb42c861f56fc35328d04746bfac6716784e97d2b9fb0f85
SSDEEP

3072:TLJzAivj0r9JGvExU0MSNLSxex1MURQbfIIuwWdyXQ5Cp:T9/SnpMSh6O1MURMfIJyXaCp

Score

10^/10

rat w8rr xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w8rr

Decoy

musimack.agency

stockdatai.com

obsidianfields.net

idahogunpros.com

leochun.com

tancal.cat

theselfishbrandofficial.com

undegenerateness.info

nhanoon.com

y566.top

arabfinasgodes.com

goldenmetaverse.com

adilafinpay.com

biblicalcaffeine365.com

golgesiz.net

hsshengri.com

bydarcy.net

sevichhar.com

sanjeshgaraneh.com

femdomfilms.biz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa67f8c746665f1bfe500bb4c880e3730b344164905b5ee7130bb42c36f95298

Files

fa67f8c746665f1bfe500bb4c880e3730b344164905b5ee7130bb42c36f95298
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB