xloader | 7e0d848072255f7e6a1596f7229fc7d932cbaabac28d6f503da2bd5658eb5a7a

General

Target

7e0d848072255f7e6a1596f7229fc7d932cbaabac28d6f503da2bd5658eb5a7a
Size

168KB
MD5

afb7b06a5ea180d1f7e54f757c40a881
SHA1

9f42cc949ab7f9858bed19113cdbc939c06b8d4a
SHA256

7e0d848072255f7e6a1596f7229fc7d932cbaabac28d6f503da2bd5658eb5a7a
SHA512

6b25930d5cd7f9d66093cb49e7d98c36b586da3d2b6b38f9089da953b8d3e0db0edffe5c73e3aafd8d8d0f92fd5c90e6fcc5006ac14b57d6a560057bd46f14df
SSDEEP

3072:77psu29X3q09JMhQ3KoGIdTocCaLwe7cyJguXQPkbF:7KTfHMhQ71dToc/7cwV

Score

10^/10

rat mwfc xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwfc

Decoy

wwwmwrfinancial.com

fastfreightrucking.com

mollyagee.com

crm-harmonysoft.com

bdlancers.net

feelimi.com

lilnasxshops.com

digibizvietnam.com

theodorebfox.com

podalijokte.quest

eotwlive.com

everydayisablessings.com

fexfer.com

regalosyartesania.com

piscineconnect.com

xxkyz.com

haematopoiesis.art

xhxwmw.com

angelawentzmusicstudio.com

mydna.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e0d848072255f7e6a1596f7229fc7d932cbaabac28d6f503da2bd5658eb5a7a

Files

7e0d848072255f7e6a1596f7229fc7d932cbaabac28d6f503da2bd5658eb5a7a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B