xloader | d6cbb5968a8a3be4a670eb0cd2be88ee4ed1b21521d4cdb2622d7a542cbd6ea5

General

Target

d6cbb5968a8a3be4a670eb0cd2be88ee4ed1b21521d4cdb2622d7a542cbd6ea5
Size

164KB
MD5

b5f0f29c4f45ae994e1c8b829f86d000
SHA1

449902ff4fa1d35a8ada738eeccee34a75445685
SHA256

d6cbb5968a8a3be4a670eb0cd2be88ee4ed1b21521d4cdb2622d7a542cbd6ea5
SHA512

cf7e6c26ee671321538e004ffd32095169fc1c4d45e847d17e17ec8afd1aea76b859a7cc93a08613f9044f21b174200a725acaf5a1fec121f756105ec9a5ed1f
SSDEEP

3072:N/JEbjaiIFJJs3esM+Xgu6JtJucz5ttWKdbZNNYthG5Pm3:NqS0OsM+wuWGcNtLd9UW

Score

10^/10

rat tumb xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

tumb

Decoy

securitybusinpuff.com

0er3xl.com

christinagriffithlaw.com

yadeck.com

ifne2021.com

companyintl.com

abioduncleaningservices.com

jadeshelf.com

professionalsupply.asia

hnmybella.com

socalpvrepair.com

storeangelbaby.com

rwnw.store

teenypix.com

ncgf34.xyz

vear.club

cursopslucas.com

bmsr.asia

growingyourlist.com

viviesse.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6cbb5968a8a3be4a670eb0cd2be88ee4ed1b21521d4cdb2622d7a542cbd6ea5

Files

d6cbb5968a8a3be4a670eb0cd2be88ee4ed1b21521d4cdb2622d7a542cbd6ea5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB