xloader | 2a15b550fd80131e5a8eda1de8297b180895091820f3ec1a2895dc79e525378f

General

Target

2a15b550fd80131e5a8eda1de8297b180895091820f3ec1a2895dc79e525378f
Size

164KB
MD5

75bf4319bbdea1762281813bdb2cb4ff
SHA1

8f26b791d3097ee6225c4412ab030a8cf8684997
SHA256

2a15b550fd80131e5a8eda1de8297b180895091820f3ec1a2895dc79e525378f
SHA512

d84d2d26b5d52f9be65bfa2477ab662f1b8e78953d5bfdae8bfd741fc93b62bda54adb3fe6922a0edd3bf8645479f0e11e59ce50087970a8500298ac7804514e
SSDEEP

3072:fTZpJNh2W5dtBPdEdMKaepIogdEBPcKxtkvbtiuGnrLd/p:fT9NptjEMK/SogdEPcfvbguGrpp

Score

10^/10

rat mnqo xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mnqo

Decoy

dcxp99.com

fe9muunu.xyz

shaytonabeauty.com

tonisu.com

swissbexchange.com

ultrasmartr.com

theblackforum.com

envirobombs.com

melagodocafe.com

lajmiplus.com

secureremoteworkforce.asia

lqwj0769.com

justiceforspeedy.com

boardsandbeamsdecor.com

voteforehrlich.com

pe-logn.com

icscci.net

price-hype.com

webecoplus.com

vcmetaverse.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a15b550fd80131e5a8eda1de8297b180895091820f3ec1a2895dc79e525378f

Files

2a15b550fd80131e5a8eda1de8297b180895091820f3ec1a2895dc79e525378f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB