xloader | c47806c0434eabc4e1bc44922e489dac0dbaaab123d5a21854c0dec4dfc1fba2

General

Target

c47806c0434eabc4e1bc44922e489dac0dbaaab123d5a21854c0dec4dfc1fba2
Size

240KB
MD5

2ec6ae68e8540e7edafe1c8e7deb1958
SHA1

d6d393c1822d4aca66ecdab6b3d5aaf4d7703c61
SHA256

c47806c0434eabc4e1bc44922e489dac0dbaaab123d5a21854c0dec4dfc1fba2
SHA512

5ed72953b242aa4e87cd7bdb1da5820bdc9e2ae787e1d69b95310559e8745ec629222a74378a2bde46567d2c2361de8c565927afa777ab5cec935abbce44c217
SSDEEP

3072:E1RzJB4+gbmGhG1vBmWEi1uqUJVSNMzpQQCxcAi2pJRSDWeSiYPDQKa4:EJW+ya1vB71uHcKzpQQCxcPOJRSi5Hb

Score

10^/10

rat o6qa xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

o6qa

Decoy

saralscales.com

valuegodly.com

e-strix.com

upperworth.biz

beautyroombysare.com

scrummrs.com

housingzapopan.com

bluecaps.net

xoopq.club

tiagovlima.com

junk-removal-las-vegas.com

buymelanotan2australia.com

gitpost.bid

galuwergroups.com

goldenample.com

emporiojuradosasdecv.com

medendorse.com

ranchosyucatan.com

lacphuc.com

mylysis.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c47806c0434eabc4e1bc44922e489dac0dbaaab123d5a21854c0dec4dfc1fba2

Files

c47806c0434eabc4e1bc44922e489dac0dbaaab123d5a21854c0dec4dfc1fba2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.rsrc Size: 67KB - Virtual size: 67KB

.text
Size: 167KB - Virtual size: 166KB

.rsrc
Size: 67KB - Virtual size: 67KB