xloader | b38c05f3eb0103d5f2b99139e6fe6562a2cae0be04776ac98dcf9918d932047a

General

Target

b38c05f3eb0103d5f2b99139e6fe6562a2cae0be04776ac98dcf9918d932047a
Size

172KB
MD5

2a42682b0b713a7cb22067a1c71dcdf4
SHA1

26709e0f37f9b27bc2a82f58144615f40004a9d3
SHA256

b38c05f3eb0103d5f2b99139e6fe6562a2cae0be04776ac98dcf9918d932047a
SHA512

7f13f2c602c411d44833448dcd4642831dc5624a014595e24fcc6a2f039f8ff8c447203dd850fe1cd25dd3a6372f4fc1d4b137cf6390cf84a30dae2edf2e806f
SSDEEP

3072:P4tbTVo3/QlFvRbBBmWVy1QLUUutSr5XsqpPWwL+VW7mjbk4mYE:PEyPcxB41QfmSr58qUwCVWGbM

Score

10^/10

rat pb0u xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

pb0u

Decoy

pikettrans.com

centralvalasid.com

bfgnft.com

evergreenstandard.com

vibelabs.xyz

ydkj5js.site

estatedigitalservices.com

foretforesthillcondos.com

caturqqbos.art

marbled.enterprises

soicauhay.com

mika-aerophone.xyz

metaverseshopstore.tech

tinycmp.com

ftmfatloss.com

affordablephotobooths.info

courteeshire.com

dostonurinov.com

thomastalkstea.com

make-vr.money

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b38c05f3eb0103d5f2b99139e6fe6562a2cae0be04776ac98dcf9918d932047a

Files

b38c05f3eb0103d5f2b99139e6fe6562a2cae0be04776ac98dcf9918d932047a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB