xloader | c7ea742456d336bb1f95f285c2df067f986ba9615efdb0ebab91efe5094de9c6

General

Target

c7ea742456d336bb1f95f285c2df067f986ba9615efdb0ebab91efe5094de9c6
Size

164KB
MD5

f74e0fcd68247607093561f84e0f31b3
SHA1

bcc488f022467f59eb651aed919782f1304b2f83
SHA256

c7ea742456d336bb1f95f285c2df067f986ba9615efdb0ebab91efe5094de9c6
SHA512

ac5bb4be65f8e9f44678316dc6bcbcc26ab97990aab5e8df353008a50f5494a2c8c480e3d250b42826aa836b175262e8f63a0e87cdc8de1a9e34ae7c6aa475a6
SSDEEP

3072:wuJxyjIQxliaY+BMqScnRc1tIP7j64Y2Ehh1U693pEwuzxjhv4QFv:wYIgGMqBR6tIP7o2Oh1UQpEwCb4Qt

Score

10^/10

rat nd04 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nd04

Decoy

picsedits.com

ceinpsico.com

151motors.com

rollingstrollers.com

yonghengwenhua.store

thesortinghouse3j.com

piboise.com

xgdfjm.com

icloud-verify.com

exeterloftrefurbishments.com

kascae.biz

mujeresimparablesterramar.com

samsungcorporate.com

journee2sobriety.com

quanqiu00000.com

gigharborapartment.com

spacdesignerhomes.online

alcantaraleiloes.com

gibbsrecordingco.com

aftermarketbiz.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7ea742456d336bb1f95f285c2df067f986ba9615efdb0ebab91efe5094de9c6

Files

c7ea742456d336bb1f95f285c2df067f986ba9615efdb0ebab91efe5094de9c6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB