xloader | f1a77b03f33ff0e9622f1eb29bb8d12e8c28dd6f0906b611f8b53ae14f22c6e2

General

Target

f1a77b03f33ff0e9622f1eb29bb8d12e8c28dd6f0906b611f8b53ae14f22c6e2
Size

164KB
MD5

87cf34f8e3229a14a94ed88e443f79ef
SHA1

ff4d48e0ef4fc92a859425db64cb3b403c1e9403
SHA256

f1a77b03f33ff0e9622f1eb29bb8d12e8c28dd6f0906b611f8b53ae14f22c6e2
SHA512

44b7853002f297e0ce056d12ad052c5829b6e4e0fe81e865230c432ecd4e741a790075131a65640678d9c50aa03ced842c6f57f6093d8a66b90d50a8fcb3d7bc
SSDEEP

3072:KIp0m2LQ6DMES3M1De1xHN9JOnsAXT3dWw7:KTtNQM1yLHN9JOnJD3T7

Score

10^/10

rat heds xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

heds

Decoy

maman-kitchin.com

atlantacreditspecialists.com

wasgeurtje.com

14offresimportantes.com

lapinseriasf.com

babyfloki.tech

mediterraneoclub.com

appendicectasis.com

28683ay.com

quillexit.club

elintarviketyontekijat047.com

mlxezzvvxtuujipokez.biz

jupiter.agency

sunft.xyz

tatuprocess.com

gremillionmotors.com

thehjewellery.com

coachingbywatson.com

yamyycompany.net

knowledgespot.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1a77b03f33ff0e9622f1eb29bb8d12e8c28dd6f0906b611f8b53ae14f22c6e2

Files

f1a77b03f33ff0e9622f1eb29bb8d12e8c28dd6f0906b611f8b53ae14f22c6e2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB