xloader | 0b928b1c0ad0176766c88bf7bb7036cde5ce5bd1e948268c239d8230117a43e5

General

Target

0b928b1c0ad0176766c88bf7bb7036cde5ce5bd1e948268c239d8230117a43e5
Size

164KB
MD5

63870670c7d49109522c575ab349e41f
SHA1

e4b7139b3cb72e21497bfd012f1534a912b65d49
SHA256

0b928b1c0ad0176766c88bf7bb7036cde5ce5bd1e948268c239d8230117a43e5
SHA512

bc5bfaa532ddf70d6e63b08bc2914a25501e0d4230dc256f001825291eb79b7b293a7aee293745e19aaf45ebb0f15baa4046d39cdba0e8e56317fd7e540d386d
SSDEEP

3072:cJSe2Q7/QvGUMHcK6yJfj9og19mrElVf5qDE+p6I3jIxp:h4O3MHlJJfj9ogzmKVf5EE+jzI

Score

10^/10

rat 3j0s xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

3j0s

Decoy

designingthenewyou.com

atatang.com

nathanrundle.com

compromissodeamor.com

htbyh.com

flymagna.club

freeflowinitiative.com

jonesof5group.com

matrix-casino.com

alanizremodeling.com

urvb.top

eleenfashion.com

y-mashiko.com

quirtic.com

givgive.online

ivermectin.care

tajemnice04.icu

lowridasindahoodtoyof2.xyz

guohongan.com

drshivanieyecare.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b928b1c0ad0176766c88bf7bb7036cde5ce5bd1e948268c239d8230117a43e5

Files

0b928b1c0ad0176766c88bf7bb7036cde5ce5bd1e948268c239d8230117a43e5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB