xloader | 01e607362cf74552b05182e3618f4f0c189afc379d66d16046326497ee60c66b

General

Target

01e607362cf74552b05182e3618f4f0c189afc379d66d16046326497ee60c66b
Size

164KB
MD5

237cd5ec9fc3c277204ebb9bc7ffb36a
SHA1

51593f1547cf47ae5a880f3e47c108f40f514e48
SHA256

01e607362cf74552b05182e3618f4f0c189afc379d66d16046326497ee60c66b
SHA512

bf3275135e914afc1cae2b14d2a9638815ed60b8b0c02692eee8b514ae0161050859f4239d0386b0370ca8aaf8b507cf939e49120ec7f46aea0579db87edbace
SSDEEP

3072:GJprI2Bb0KKRtMkmgnYT/1tNwNcHvs/4jxTQ8NAWve:GXFITMkRYBtKNHS1Qsve

Score

10^/10

rat m8gc xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m8gc

Decoy

nelsonleeoffers.com

profi-markets.com

bdstoancau.info

aminsfy.com

longshifa.online

sqadminnplan.net

0el.biz

fortnitegamers.website

28687jr.com

contentandconverting.com

069superbetin.com

kyono-butsuryu.com

lewandosli.online

8herzelstreet.com

doofsmile.com

kreditnekarticehr.com

usalandia.com

mysmartoffice.tech

bens-coaching.com

catlyshop.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01e607362cf74552b05182e3618f4f0c189afc379d66d16046326497ee60c66b

Files

01e607362cf74552b05182e3618f4f0c189afc379d66d16046326497ee60c66b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB