xloader | cc8ca49033c27bcd4a801eb426ed9759fe0650886cf3a96cf946b5e444dd7cc3

General

Target

cc8ca49033c27bcd4a801eb426ed9759fe0650886cf3a96cf946b5e444dd7cc3
Size

160KB
MD5

192e750b0637db17652add7a7ac4bb35
SHA1

71b2f1a20bdc47adda37fdb305c6408146baf5b0
SHA256

cc8ca49033c27bcd4a801eb426ed9759fe0650886cf3a96cf946b5e444dd7cc3
SHA512

a7c6c4a4fa3fa21c5ae7df4eb5785cb345f7770939605f18a297dc9f43c18ac622f932eb9ae00a9d2a16620adf0ff97604c47f48c829806afb133c9c5c16f308
SSDEEP

3072:1IBKfb69C8IJmQ2SoKS8oFRyyO6otD8OId7/a2M98boVmXRT:15fe1dSoKLWRNO6omOId7/a2M9UrXp

Score

10^/10

rat c8ec xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

c8ec

Decoy

kingmeters.com

thawoman.com

cannabisinseconds.com

3966399.com

grabopolska.online

krystalpacifico.com

quibii.com

wangzhanceshi.online

blog-techtalks.com

refreshlightingcompany.com

justrightmap.net

sewabhartidelhi.com

noharminmasking.com

speedysignin.website

schwabinsttutional.com

carbon2algae.com

pateleprevention.com

techsavypinaki.com

onemindafrica.com

flowerpeony.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc8ca49033c27bcd4a801eb426ed9759fe0650886cf3a96cf946b5e444dd7cc3

Files

cc8ca49033c27bcd4a801eb426ed9759fe0650886cf3a96cf946b5e444dd7cc3
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB