xloader | 5f01f7635f0f2e619a3b37ca037b191590d50a6064f40fec2ed0acc14cb914c6

General

Target

5f01f7635f0f2e619a3b37ca037b191590d50a6064f40fec2ed0acc14cb914c6
Size

164KB
MD5

da47ba6c4269bc45e1927a5e9ce2e97d
SHA1

e7e6614cde7dc279f7f480ae66c2caeaf4bbbd38
SHA256

5f01f7635f0f2e619a3b37ca037b191590d50a6064f40fec2ed0acc14cb914c6
SHA512

e9a9a3f04b2022a4689df5ed6213dfe1cfc40d50dbbdc0661117536184599a46f0f45bd0da66c639de8257c778898dbd9437fe3828ff92f02c8f126dfe8e5c8e
SSDEEP

3072:acJT2jyoWXCQqH4MIf6CByU69vDZcD3RYDaksIA37:a814YMIiqyR9vDZihYuks7

Score

10^/10

rat ocgr xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ocgr

Decoy

shiftmedicalstaffing.agency

muktobangla.xyz

attmleather.com

modelahs.com

clime.email

yonatec.com

mftie.com

doxofcolor.com

american-atlantic.net

christineenergy.com

fjqsdz.com

nagpurmandarin.com

hofwimmer.com

gororidev.com

china-eros.com

xn--ekrt15fxyb2t2c.xn--czru2d

dabsavy.com

buggy4t.com

souplant.com

insurancewineappraisals.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f01f7635f0f2e619a3b37ca037b191590d50a6064f40fec2ed0acc14cb914c6

Files

5f01f7635f0f2e619a3b37ca037b191590d50a6064f40fec2ed0acc14cb914c6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB