xloader | d8a9c1bc61784e7102b94bf3c2425fbeab721ec6865e4c44a08a812112a6ee58

General

Target

d8a9c1bc61784e7102b94bf3c2425fbeab721ec6865e4c44a08a812112a6ee58
Size

164KB
MD5

37349dfd82396b9d03ee2470bfc0ebfa
SHA1

7277772254b3064d7f6a2ef46c6052fb94eeb255
SHA256

d8a9c1bc61784e7102b94bf3c2425fbeab721ec6865e4c44a08a812112a6ee58
SHA512

d3be396d7ce84acece7a0a2446d018646b064a6ece7580db5e2caf6ffce6968bac469e7f395ce5c8d0ea3ce30452566078815eb902476ea4ab57330e1ecc684d
SSDEEP

3072:AiwX2EEJFADmTpUet/2SlqNILZ9r6MhJM0Nd2t8:YCYEpUA+3NILZ/G0S

Score

10^/10

rat fhuh xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fhuh

Decoy

legalraleigh.com

kodaikeiko.com

pptmarketplace.com

theinvestmenthorse.com

quiubit.net

theresashelley.top

watchlivestream4k.xyz

heinousas.com

menggaodui.com

interstellar-art.com

com-junction.com

thebugkitchen.com

poppyfox.top

itsmeekasheilou.com

vtooland.com

minogratio.com

familyfixins.biz

nihonno-okami.com

yefiafrica.com

chokeonwords.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8a9c1bc61784e7102b94bf3c2425fbeab721ec6865e4c44a08a812112a6ee58

Files

d8a9c1bc61784e7102b94bf3c2425fbeab721ec6865e4c44a08a812112a6ee58
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB