xloader | 87af8674ab74e0ff55dcc018d1111e8d31c27344c9225fb3a0ea1a07ddaf11a1

General

Target

87af8674ab74e0ff55dcc018d1111e8d31c27344c9225fb3a0ea1a07ddaf11a1
Size

164KB
MD5

bd1cf36597a62d4190beeb3665fa9b62
SHA1

4d6c1e949e671573ba36623e40d3fcc07c6714ef
SHA256

87af8674ab74e0ff55dcc018d1111e8d31c27344c9225fb3a0ea1a07ddaf11a1
SHA512

b0812ecf49ec6e438b50922d7173b752542a641ecdb2f020b64c06527efb3c687c18548fa4471a6fa8703c026e6f83238542697a5cb628c7c2a35b7ef305c284
SSDEEP

3072:hpJr+jnYfH5153zM2XJq3xg4pb1tzTQJ0HN8znU7+pxSnFln4:hHddjM25Yxd1tzTQJ0t8nUapgnP4

Score

10^/10

rat hxn2 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

hxn2

Decoy

janenoelleneedleworks.com

albedocoin.com

helennbendiss47.xyz

democratizabais.xyz

knellarraywoad.com

vehicleweek.com

cablevid.com

sigmagrup.com

cesarchavezeagles.com

centrocomercialgranadahills.com

theherotea.com

ozarkdemure.com

27mpt.xyz

expansionsound.com

fablebuiltbrands.com

rockyzpizzagyro.com

velociget.com

suntioil4u.com

salvationshippingsecurity.com

spares245.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87af8674ab74e0ff55dcc018d1111e8d31c27344c9225fb3a0ea1a07ddaf11a1

Files

87af8674ab74e0ff55dcc018d1111e8d31c27344c9225fb3a0ea1a07ddaf11a1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB