xloader | b9185973575f9ed55b61d145d3e9e5332a28585d9b5da06f278b420c96f6a2e9

General

Target

b9185973575f9ed55b61d145d3e9e5332a28585d9b5da06f278b420c96f6a2e9
Size

164KB
MD5

6621707bceb22b7f311bfacc598d2295
SHA1

9953564388c3b04c3055d3fce1c71c8ec9a8a562
SHA256

b9185973575f9ed55b61d145d3e9e5332a28585d9b5da06f278b420c96f6a2e9
SHA512

eca4ad2bcc4a419023db2f96c6144bf3b3050d7121e8dd613b24d7d48bc50a8845c224f1b68ec10d0e667e1677108a11c5b9d0edde2849b77632fc098f5b8abf
SSDEEP

3072:2zJVSmjh4S92EBxqMSggBIg3dUyZsC3+R6uSjFAgKa1:2jSuPEMSbKg3dUy6xCK

Score

10^/10

rat cxeo xloader

Malware Config

Extracted

Family

xloader

Version

2.4

Campaign

cxeo

Decoy

realtyfindr.com

littlelakesranchcattle.com

mortgagecollective.online

cortenlogistic.com

healthcaresupplyinc.com

abc1229.com

johnlambertsen.online

yasirweb.tech

1398toftsdr.com

chordsofdevils.com

hemetcondos4sale.com

hdtvstoreonline.com

ultimasnoticiaswfmajide2.xyz

soutu6.com

lastmilefast.com

glveye.icu

countinesices.com

savenroar.com

reiwa.cloud

wendsoue.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9185973575f9ed55b61d145d3e9e5332a28585d9b5da06f278b420c96f6a2e9

Files

b9185973575f9ed55b61d145d3e9e5332a28585d9b5da06f278b420c96f6a2e9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB