xloader | 78d109bc2b679670796dd33184bd2ad1d859db3e579245a9acb76d733353045a

General

Target

78d109bc2b679670796dd33184bd2ad1d859db3e579245a9acb76d733353045a
Size

164KB
MD5

9a8d43fe41d8122c5877c2b26184e807
SHA1

9fa41ccb8296d800a214ad6349167dbb732e894a
SHA256

78d109bc2b679670796dd33184bd2ad1d859db3e579245a9acb76d733353045a
SHA512

c16fb3e4c997ac0d81aee8339cce4a70c503a580884b52d7e02602cbeeaa8742bf404d06fd3d7899e8b83a16129c6226dc6cc702e6fb2a2cdbe3f2a358dbc19f
SSDEEP

3072:bCp3K2rN9A9Ia6Mr+wkKGUmG1M4Lcl1isyaXPu7LMygF4:bKvjFMrtLGUmG1rS1iwu7QygG

Score

10^/10

rat rcs8 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

rcs8

Decoy

blizzard.ventures

erlangereast.com

goetzcreativestudios.com

yourvirtualsolution.biz

theturtlecrafts.com

lombardihairdesign.com

donecca.com

consortiumcom.com

lostculture.media

golskiyna.store

aict-scm.com

hypekustom.com

latest-football.pro

forexedgetrade.com

stlukeumcaustin.com

project43wellness.com

annalouah.com

creatorgela.com

besttiktokfails.com

bridesmates.party

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78d109bc2b679670796dd33184bd2ad1d859db3e579245a9acb76d733353045a

Files

78d109bc2b679670796dd33184bd2ad1d859db3e579245a9acb76d733353045a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 159KB

.text
Size: 159KB - Virtual size: 159KB