xloader | 83383e0de3355b5b5e3f543ea71b5ad5d550220e225f2b90b2dbaec39f1f3c67

General

Target

83383e0de3355b5b5e3f543ea71b5ad5d550220e225f2b90b2dbaec39f1f3c67
Size

168KB
MD5

f390dba0486205430b3ce2f21768c4bd
SHA1

f68f00fceda1f6ba56ea6e08e2239a68f008720c
SHA256

83383e0de3355b5b5e3f543ea71b5ad5d550220e225f2b90b2dbaec39f1f3c67
SHA512

41e6fa9c2a3fdbc69f94bbc2b4b5e7a32fbc20089e1aba713c3da95819b4db307487c65c537008bc55ce64b3e2aa3649b1894e13555ff8fe42758d8728f52ff6
SSDEEP

3072:KhJVcjA/9m3CdyY7MHxBA1e3bMcCQ7PKQkvQgMvvPlaQNL/5ARv:KBSWyWMHXAwrMcCs2UMQNLq

Score

10^/10

rat ahge xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ahge

Decoy

zlh.biz

suddennnnnnnnnnnn11.xyz

okanliving.com

shopeuphoricapparel.com

hcifo.com

haciendalosangeleslaguna.com

shineshaft.online

monclerjacketsusa.biz

uwuplay.com

psychicdeb.com

adonlet.com

theprogressivehomesteaders.com

ammaninstitute.com

sqpod.com

tropicbaywatergardens.net

yna901.net

3christinez.online

tastemon.com

karansabberwal.com

delegif.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83383e0de3355b5b5e3f543ea71b5ad5d550220e225f2b90b2dbaec39f1f3c67

Files

83383e0de3355b5b5e3f543ea71b5ad5d550220e225f2b90b2dbaec39f1f3c67
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B