xloader | 6af97c3368ab2ccada7436325b1088937c0bad457310bab2105eed411a918275

General

Target

6af97c3368ab2ccada7436325b1088937c0bad457310bab2105eed411a918275
Size

168KB
MD5

a5b9614cb31c2f4c76d2af10740bb83e
SHA1

b1696cf367eb7c46e33080f3c433398e01a93c86
SHA256

6af97c3368ab2ccada7436325b1088937c0bad457310bab2105eed411a918275
SHA512

37acf522c41ab06664c5b7860030725a00cae1a4e41fd6f5021cc3d4330b49ddba2435b66abd5c93e5d6a9904794a88d6781b6a7887da3e6f9b200de03ffc8b2
SSDEEP

3072:OGJ6NjnHe4UeCxZiyMJ13xtigVsFonHFD7fGMEPdndt:ObLAxMJrMgVsFon1jGL

Score

10^/10

rat hqp9 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hqp9

Decoy

askpointe.com

suddennnnnnnnnnnn54.xyz

weboxyde.com

getmorevacations.com

promocion360fitness.com

40hqyj.com

sumonahemed.com

anu59.com

dentalshopoutlet.com

gooeystar.com

hostforgo.com

allinthetimber.com

momochan-hakata.com

maxrichrealty.com

8label.com

509edfasdgcdpro.online

element-light.com

gogoanime.today

verbenalogic.com

postrojka.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6af97c3368ab2ccada7436325b1088937c0bad457310bab2105eed411a918275

Files

6af97c3368ab2ccada7436325b1088937c0bad457310bab2105eed411a918275
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B