xloader | 30819ed42893957f68a2272b1e4486a610d8d3afeaba3c90a1e2997d3ae6414d

General

Target

30819ed42893957f68a2272b1e4486a610d8d3afeaba3c90a1e2997d3ae6414d
Size

164KB
MD5

ff73d4827ac904327e6754c3e8d683cb
SHA1

f7407575b1e9b6996f7e238b4e42aa62122b0f15
SHA256

30819ed42893957f68a2272b1e4486a610d8d3afeaba3c90a1e2997d3ae6414d
SHA512

c4a6de428dfcb0002d624e6d6646598a6713a9ff9f9fd4edc88edb94b15336334b52d8d7f70d39d84fbb1c492e410f544ee61472f5ced4f0e206dc57c82f8d9a
SSDEEP

3072:auJUjjT0C2iMp883Mqj+iSmk9Fjgu4lcLywHOwG6gXpvxWu:aFOP8SMqSNmk95gympwtYvxW

Score

10^/10

rat pg3o xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pg3o

Decoy

thelostrose.com

liebemadchen4u.art

scuzzfest.com

labalhadi.com

ecran-thermique.com

explorepanel.com

smdledneonflex.com

jpstandardcompany.net

gunspatrol.com

dugerits.com

asquaredlegalgroup.com

sasha-media.com

praconsultingandinspection.com

awaisqarni.com

paysology.com

terradr.one

lorebeasts.com

mapiadventuretour.com

dietatrintadias.com

powerether.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30819ed42893957f68a2272b1e4486a610d8d3afeaba3c90a1e2997d3ae6414d

Files

30819ed42893957f68a2272b1e4486a610d8d3afeaba3c90a1e2997d3ae6414d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB