xloader | 0f8e1f0d08fd54d30dd13d25c40ad89e66c74991c961cdece5f752c52a8c8037

General

Target

0f8e1f0d08fd54d30dd13d25c40ad89e66c74991c961cdece5f752c52a8c8037
Size

164KB
MD5

6918e9684afe05aa72a234c272e7b1f2
SHA1

7d191105dfb2664bdbeebe8caf31f6904ec57ddc
SHA256

0f8e1f0d08fd54d30dd13d25c40ad89e66c74991c961cdece5f752c52a8c8037
SHA512

8d4fb685daae4714e6f95ed15c8fac593b777db27ee37b4e1cc4fe19a32d5b536ecc0a909595c8688c3245cc36e6314f7ad77aaecf93acd162e86139f523dd2a
SSDEEP

3072:XbapnFQ2pDjD989MREXeFA7JJ9PgkGoV3bK71u9VxaR:LOFtVMMR0aAb9PgkGK61iVS

Score

10^/10

rat 6rnk xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

6rnk

Decoy

putaojiau.com

insidersbyio.com

senda-piano.com

yuanshuku.com

homeconspiracies.com

wa1313.xyz

takesatisfy.club

yoashee.com

classificationmetallurgie.com

1222074.com

uteexperience.com

savagereviews.xyz

dybtcb.com

peeltown.com

gymbarbie.com

gruponeoenergia.com

raidthebookies.com

one-to-one-property.com

thepoint.store

thesaymedical.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8e1f0d08fd54d30dd13d25c40ad89e66c74991c961cdece5f752c52a8c8037

Files

0f8e1f0d08fd54d30dd13d25c40ad89e66c74991c961cdece5f752c52a8c8037
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB