xloader | 7af77039739d1afabc705a9f6475448bf7ad7c7d419e067b6c2343f0f6ae3d05

General

Target

7af77039739d1afabc705a9f6475448bf7ad7c7d419e067b6c2343f0f6ae3d05
Size

164KB
MD5

03b2e00f0300323187ec1495bb29e6f8
SHA1

c18ef89f009bd647e449cefc3a1f8ee8b389cbe6
SHA256

7af77039739d1afabc705a9f6475448bf7ad7c7d419e067b6c2343f0f6ae3d05
SHA512

c9bd96d501c654e5e3a9233e8a1263859f1994c68c66a408e177becae225a8f79e49d0e06c91e8bfc7b7d99bcc7f78389b6813eaa5cecd5701b15c4879e32fe7
SSDEEP

3072:McJR1jA5/ZpzRNeeMlDbkKKPEmlN3q60W6XsPns1eI3UbJpfW7M:MyYLNlMlH3KPEmlN3q60W6Xe8Uba7M

Score

10^/10

rat ah8e xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ah8e

Decoy

threecommaspartners.com

303redirect.com

chaoscosmeticseg.com

kloeyscloset.com

spectralcloudinfo.tech

berdisen.com

avtodetal.info

ff4cvbvxu.xyz

h-kfirms.com

bluebellsdachshunds.com

cretefam.com

cherielu.com

sunshinediagnosticcenter.com

885954.com

bt-accounts.com

firsthandhk.com

australishomes.com

chessigo.com

goodcheermugs.com

comercialjyv.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7af77039739d1afabc705a9f6475448bf7ad7c7d419e067b6c2343f0f6ae3d05

Files

7af77039739d1afabc705a9f6475448bf7ad7c7d419e067b6c2343f0f6ae3d05
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB