xloader | 60da0318346aac0f9211dce7534a2ac3773b9304294d731be8067c5efbb54f3d

General

Target

60da0318346aac0f9211dce7534a2ac3773b9304294d731be8067c5efbb54f3d
Size

164KB
MD5

88a6f7921fe56eec27cd6bd531a3f554
SHA1

c576982b476ff95a8e9245e8c14d472f6de0bb32
SHA256

60da0318346aac0f9211dce7534a2ac3773b9304294d731be8067c5efbb54f3d
SHA512

8da8fb03b9ee34187e5473ac128feb64fc66e45e27ffd15d91ea9c814b85ee313a685546bd4b5c5d2e3f718d0fd94ada72472dc0a182200dc7a9b12fc2eba1bd
SSDEEP

3072:hJdk2qKBsFqqW8wMjxnHDELuJdUF7mQapNNqX9aTHSxZIS:RSvWZMjtjeuJdUF7NazsNe4

Score

10^/10

rat q2au xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

q2au

Decoy

chassere.com

servpro11517.com

sfgm.xyz

addesbarst.quest

promotion.moe

946acg.net

lightwalkco.com

linkclose.com

dm-natural.com

formuladreamz.com

visitnewrichmond.com

modelahs.com

emulging.com

citifiedbrandinghub.com

meyerranch.realty

bhs-online.com

ai-technology-online-ru.digital

lendsoar.com

dryelm.com

farmchikllc.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60da0318346aac0f9211dce7534a2ac3773b9304294d731be8067c5efbb54f3d

Files

60da0318346aac0f9211dce7534a2ac3773b9304294d731be8067c5efbb54f3d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB