xloader | 4a4841dbdb42eeeb9b41c1ffe089e5197a5301a6d274bca84349d620f5045f4c

General

Target

4a4841dbdb42eeeb9b41c1ffe089e5197a5301a6d274bca84349d620f5045f4c
Size

164KB
MD5

477e11e86b20872e54636ad3c547f735
SHA1

bf688baaf9aab60f7e4e861c1cec659d13b02008
SHA256

4a4841dbdb42eeeb9b41c1ffe089e5197a5301a6d274bca84349d620f5045f4c
SHA512

dea1a28b45fe590f23f2f44e726414c44b478dbecc1b614f0f9a5b28e85b5b11e2734bba4b81575572651f825d9eebe30f1bee20b673b7d8842b95d1d54aaeb4
SSDEEP

3072:AiwX2EEJFADmTpUet/2SlqNILZ906MhJM0Nd2t8:YCYEpUA+3NILZmG0S

Score

10^/10

rat fhuh xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

fhuh

Decoy

legalraleigh.com

kodaikeiko.com

pptmarketplace.com

theinvestmenthorse.com

quiubit.net

theresashelley.top

watchlivestream4k.xyz

heinousas.com

menggaodui.com

interstellar-art.com

com-junction.com

thebugkitchen.com

poppyfox.top

itsmeekasheilou.com

vtooland.com

minogratio.com

familyfixins.biz

nihonno-okami.com

yefiafrica.com

chokeonwords.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a4841dbdb42eeeb9b41c1ffe089e5197a5301a6d274bca84349d620f5045f4c

Files

4a4841dbdb42eeeb9b41c1ffe089e5197a5301a6d274bca84349d620f5045f4c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB