xloader | 8fd0181b59a2edc765689fd71d914b6f43efe9d120cff925abf6c40d3880a273

General

Target

8fd0181b59a2edc765689fd71d914b6f43efe9d120cff925abf6c40d3880a273
Size

164KB
MD5

172d1ed231154114ebba05893f6b0b20
SHA1

ed16ef7a41312e3ed3c57c1dc16466f75484e362
SHA256

8fd0181b59a2edc765689fd71d914b6f43efe9d120cff925abf6c40d3880a273
SHA512

1bbddba26b490104219327b754f6cd445ccd582b9dee49ffad6f1b1fbfab139a31db1c737397868610aeba10c15aec60c50336343b345c91f9d551b9292f99e6
SSDEEP

3072:gzJbWG2pMCYpW6Mi9sfHRqIJSdv0LxLqqOGet03PqsBQ4MD:gVrjVMiePnodcLZqqOGeUPqkQbD

Score

10^/10

rat gqav xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gqav

Decoy

6638nnewgardg.info

billionairesofdubai.com

clashofclansapk.net

rgfreightline.com

zjbuan.com

ohiomarkets.com

mobilodemebozumerkezi.online

tpmye.com

gzhf8888.com

372181.com

gv5rm.com

campinsider.net

daasit.computer

14plaisanteinfo.com

airway.today

sukidict.com

christiancoachingforkids.com

357961.com

flotents.com

halston4corners.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fd0181b59a2edc765689fd71d914b6f43efe9d120cff925abf6c40d3880a273

Files

8fd0181b59a2edc765689fd71d914b6f43efe9d120cff925abf6c40d3880a273
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB