xloader | 47b81a190271752e4370f06a2f5f98908701d8d1d3cdcd13d52c0c3bfa44787f

General

Target

47b81a190271752e4370f06a2f5f98908701d8d1d3cdcd13d52c0c3bfa44787f
Size

164KB
MD5

3b074354e8618e0afa84cedf903c2b35
SHA1

de3fb78531d2b7b57410c89634c5ab81fe38a2dc
SHA256

47b81a190271752e4370f06a2f5f98908701d8d1d3cdcd13d52c0c3bfa44787f
SHA512

8cef9df4375e0e85ec91c33e17ddc658bd44e5087b2f81ed768e79ba3359d11b80f9b9745d7f71e26544520030ab7d3729a40e2acc9c3059591999dfd4a3e10c
SSDEEP

3072:MSopXw2RMDf3zRMVW6lQv32NTU92LLttkZYSW5BjYEZGmJ:VAmDlMVWAyGa92LHkCSMc5

Score

10^/10

rat ugfu xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ugfu

Decoy

box96.store

penguinislam.com

noorwellintl.com

fabrice-tui.com

crystaljeddah.com

spgbr9be8xzz.biz

berdisen.com

happylifecompanies.com

5188jz.com

seffnerchristianacademy.com

chacetheace.com

iammara.com

covenantpaviscous.com

biz-blasts.com

bestgaminglaptops.xyz

komuwoj.com

fudoshinperu.com

kissmint.art

51huazhuangpin.com

casinojpn-inc.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47b81a190271752e4370f06a2f5f98908701d8d1d3cdcd13d52c0c3bfa44787f

Files

47b81a190271752e4370f06a2f5f98908701d8d1d3cdcd13d52c0c3bfa44787f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB