xloader | cc4f91fd96acf2482b3413a463167e8af8a88e1f19ea588563706be3451500a0

General

Target

cc4f91fd96acf2482b3413a463167e8af8a88e1f19ea588563706be3451500a0
Size

164KB
MD5

de9eab0b58012112cc10725409ac52d7
SHA1

a607e49f319523319e12ea59bd1798ce93597e0e
SHA256

cc4f91fd96acf2482b3413a463167e8af8a88e1f19ea588563706be3451500a0
SHA512

67af4774565e78f2aa26f43da73aa546186312cff55551d3871bda73184fbe61d364405a27641c472c0ff6bedc7e789b0d80d76a39d487e627a92a51f469982e
SSDEEP

3072:WBp1y2+DkpTuGMLBWiAm/sZdBm5xgvgjebt8+Q5:WpqoZMLVnmdBm5xg8gK15

Score

10^/10

rat wakb xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

wakb

Decoy

aratishop.online

hiphopbyfinetwork.com

vixingjingling.xyz

yutangjin.com

emeraldmussels.com

losfesdffewfdstoyof4.xyz

quroot.com

theabsexpert.com

thornbackhall.com

billstechadvice.com

amfamtturainoyo2.xyz

victocha.com

jennieandtyler.com

metalworkinsumossadecv.com

eastasiathought.com

kmt-au.com

un-elegance.com

mitchfeetpics.com

office365-24.com

thetimekeepers.club

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc4f91fd96acf2482b3413a463167e8af8a88e1f19ea588563706be3451500a0

Files

cc4f91fd96acf2482b3413a463167e8af8a88e1f19ea588563706be3451500a0
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB