xloader | 8d95690aecd1469a47dae3a97ed42d88237abcdd76e786f50dcbca465a187882

General

Target

8d95690aecd1469a47dae3a97ed42d88237abcdd76e786f50dcbca465a187882
Size

160KB
MD5

cc852bafc3e50e9ab6d1e6583a22868b
SHA1

9fc1bb017b38c3595b23a1c3e2b9337780ee48ba
SHA256

8d95690aecd1469a47dae3a97ed42d88237abcdd76e786f50dcbca465a187882
SHA512

e4a1f5865c1f5fa552fa4cbbd71bdaa9c739d999ca8ff31283ae3fb94d96003404595aee5d3d12e276ddc4d3bbdd9d421dd96f45ac5d66a950008a39642a6a94
SSDEEP

3072:XBt3sVvGd00aoQPW9oNLVv+189hkBmOj9HFi5AuxL2ApJsRG2uC:78hLqoNpm+9hkMOj9HFiiuQAkY2b

Score

10^/10

rat ig04 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ig04

Decoy

seminolesstoreonline.com

galdiaccesorios.com

ucmembrance.com

1036667.com

capitalhostel.com

mobile-ee-login.com

0l0e-m6jw.net

homeinspectorscapecoral.com

realcoolprofits.com

jimenalozoya.com

mimikis.info

questionsansweredsw.com

rejddit.com

hernlyfamilykarate.com

sdifl-edu.com

azure-support.net

kmjqmc.com

dc10courses.com

idoodapps.com

thehouseofare.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d95690aecd1469a47dae3a97ed42d88237abcdd76e786f50dcbca465a187882

Files

8d95690aecd1469a47dae3a97ed42d88237abcdd76e786f50dcbca465a187882
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.text
Size: 156KB - Virtual size: 155KB