xloader | c3d0b587376dc03b24b6736ef91b221d09127bdeabf3cb9191db6ac69a483969

General

Target

c3d0b587376dc03b24b6736ef91b221d09127bdeabf3cb9191db6ac69a483969
Size

164KB
MD5

0964e7a3cf4fad4368a2437d275794f6
SHA1

b7459f439a83684ccfb50b0ddc61d37f1ff0a288
SHA256

c3d0b587376dc03b24b6736ef91b221d09127bdeabf3cb9191db6ac69a483969
SHA512

5cfb5f2f2f55283f9d5eaa78e6a6a3995156ebb54518e4fa112c7f8ad1136774d8e4656c3b10d05451aff27cd588f15f3c6d69518c372ffc5f6b73d1709f207b
SSDEEP

3072:TeJQXjnAS1pOqKT3MMDshqi2s9bLGvhOoykqOK7ldthXikYBG:TF3GzMMQsiD9bL8NrKpdtd9YG

Score

10^/10

rat uhq3 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

uhq3

Decoy

lionsclubtunisdoyen.com

artchemindia.com

blaulicht.cloud

szlaaf.com

erucestech.com

gazeteyenidunya.xyz

ps-sac.com

maedatoshiie.site

hothess.com

nbeight.com

sufamiturbo.com

myfamilylegacy.online

cupsnax.com

c2cuae.com

mabibliothequehomepage.online

poultryvet.guide

immobilier-alienor.net

losthegame.com

creditturf.com

skillspedia.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3d0b587376dc03b24b6736ef91b221d09127bdeabf3cb9191db6ac69a483969

Files

c3d0b587376dc03b24b6736ef91b221d09127bdeabf3cb9191db6ac69a483969
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB