xloader | f0f5ee573edb33f44edef144e65a1b59b512a5afe7ef2ec9fcb238ecbe8124df

General

Target

f0f5ee573edb33f44edef144e65a1b59b512a5afe7ef2ec9fcb238ecbe8124df
Size

164KB
MD5

9c25caa350b1bccf14dd5ea4e4527467
SHA1

648d68e06bfb422286881fb71b28f34a4e060646
SHA256

f0f5ee573edb33f44edef144e65a1b59b512a5afe7ef2ec9fcb238ecbe8124df
SHA512

c900dcf7c12eda604aafbd0f954b818778fcb45ba7f76601069974b3b2a7833416dbb1649f53a1725c2aaa29c66418f29f2d8ca5e4e31675682a47b3fdddd001
SSDEEP

3072:NWJf0Cxj+PkrfNQvIKMzv1VdI07t/rIkd5bf1NiFr2OWY99nPw7+mLzgch2:N6pj0TMzN7IItzIC5LuyOXto7+ZE

Score

10^/10

rat n8bs xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8bs

Decoy

monese-bank.com

silkypumps.xyz

tashabouvier.com

eduardoleonsilva.com

pinnaclecorporaterentals.com

megafluids.com

worldwidecarfans.com

benjamlnesq.com

unitedraxiapp.com

thetanheroes.com

jypmore.quest

indianasheriffs.biz

saintinstead.com

alldansmx.com

trulyproofreading.com

indotogel369.com

mermadekusse.store

radosenterprisellc.com

gseequalservices.com

techride.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0f5ee573edb33f44edef144e65a1b59b512a5afe7ef2ec9fcb238ecbe8124df

Files

f0f5ee573edb33f44edef144e65a1b59b512a5afe7ef2ec9fcb238ecbe8124df
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB