xloader | de16a976d89c1349a5617d02933c39c6c7820771499e3063b17988a312488466

General

Target

de16a976d89c1349a5617d02933c39c6c7820771499e3063b17988a312488466
Size

164KB
MD5

7b9194fce54641720bdaee60fc343bdc
SHA1

b556d323ac2a85e68ae66583ac0a8b79f39ee54d
SHA256

de16a976d89c1349a5617d02933c39c6c7820771499e3063b17988a312488466
SHA512

e115356d4a8538e36e0abc6401a934539b120c137a883508b561ba9100cda1439868c8dad9018f9cae4c8039ece5b110d85e18fc0f547ddeed4a9d147d793f1c
SSDEEP

3072:W5BGQ6BntydX0oqmAM2UTYTQuqO2dZAM4powV3O9ZNwk:WqZokoqThbTQ3O2db4poEiZNwk

Score

10^/10

rat cre4 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

cre4

Decoy

namirani.com

winnerscircleapparel.com

blackgoldranchoutfitters.com

absintheshopping.com

billionairetaste.com

weida15.com

clubsibaritas.com

bitmonarch.com

xo-car.com

terreo.info

anymore.one

sundarbanstore.com

blueshoediaries.com

fastloansflorida.com

streamzone300.xyz

mspxzx.com

dailydefileader.com

wildblissboutique.com

museumsalive.com

theeverscholar.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de16a976d89c1349a5617d02933c39c6c7820771499e3063b17988a312488466

Files

de16a976d89c1349a5617d02933c39c6c7820771499e3063b17988a312488466
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB