xloader | fff63a9ee43e313b03f4a218b5666774c80fc9fde69d77e7193bf7b149a5aece

General

Target

fff63a9ee43e313b03f4a218b5666774c80fc9fde69d77e7193bf7b149a5aece
Size

164KB
MD5

d54d5c150ffd3986ec29dcccb17c10c2
SHA1

faa4a0cdffce14913338859a079246f6dc846619
SHA256

fff63a9ee43e313b03f4a218b5666774c80fc9fde69d77e7193bf7b149a5aece
SHA512

522fbf09e741219478a95d0558f6e6431aae88c065be158e8aa551edc0572ff7257e22ab51972e14fa29786426360a7f5b9deacae85236cff6f74a012bad8f29
SSDEEP

3072:Mbcp+yY26buzvAjYMdrhKjmgcdNVyHaDfpScaSTz6JsUk:6Fu0EMFQygcdvyHaDwcaEz6JsU

Score

10^/10

rat p00n xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p00n

Decoy

beaniemart.com

sugarlaces.online

kinesio-leman.com

gasfreenft.com

ateneaespai.com

askyourhr.com

recruitloft.com

carolinasbestroofingcompany.com

coacher.online

freshmind.today

help-it.online

nicelink17.com

islandtimeoperations.com

agricurve.net

rizkhr.com

innovatorsincommerce.com

grownwings.com

learningout.store

miaglam.com

tengfeijd8.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fff63a9ee43e313b03f4a218b5666774c80fc9fde69d77e7193bf7b149a5aece

Files

fff63a9ee43e313b03f4a218b5666774c80fc9fde69d77e7193bf7b149a5aece
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB