xloader | 918887b05c12269db692bf77365bd513b3a9b1bc558f76f2a080a07ecbd6b245

General

Target

918887b05c12269db692bf77365bd513b3a9b1bc558f76f2a080a07ecbd6b245
Size

164KB
MD5

82700927fc7c785b25c4773613651676
SHA1

922c4f2217eef69ca7765c77576180564323cb58
SHA256

918887b05c12269db692bf77365bd513b3a9b1bc558f76f2a080a07ecbd6b245
SHA512

bdc8a62e49cfa036ab62146c0d458affdac285f4ee089d5b3d245cd679016efabdec902dd083f748a45a1cb89547cf57cbf011c4e662eaabb3ea9a79a08a32f1
SSDEEP

3072:Bwpwl2LvUxDJynMH8lApZeV9IVYmqHTinLQrw:BzxfwMHGAZeV9ImmEOLU

Score

10^/10

rat e6c0 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e6c0

Decoy

english-brain.com

intercontinentaltaichung.com

nttcjx.com

onlinedatingthainet.com

shenanabangz.com

lawyerchaos.com

independenttutor.com

choice-recordtoreadtoday.info

frrggo.space

cryptowizardsnft.com

3059youngst.com

anonymousmomforum.club

swisstrustcitybank.com

cornwallsurfers.com

pinewestlogisticexpress.com

wx-zhongya.com

pixel-muffin.com

quotesmsg.com

jamhandymusic.com

frisch5k.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
918887b05c12269db692bf77365bd513b3a9b1bc558f76f2a080a07ecbd6b245

Files

918887b05c12269db692bf77365bd513b3a9b1bc558f76f2a080a07ecbd6b245
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB