xloader | 347ef45fc64f2d2a9048270c8d2b6859da1869f415dadef6aa5f166b7dffbd26

General

Target

347ef45fc64f2d2a9048270c8d2b6859da1869f415dadef6aa5f166b7dffbd26
Size

168KB
MD5

33bdfa55b0cb128fa093ba85c926e48d
SHA1

6b95bdef8c2ea1753d6851e8c7a20ef216c4350d
SHA256

347ef45fc64f2d2a9048270c8d2b6859da1869f415dadef6aa5f166b7dffbd26
SHA512

6e396754382b0ffd6c76055676ae03e5f797b4ee9cb43dad06051eeb156159411c43f1f95fd710d6b10c924d7a7e146543873143689841c18f44c3ae7455c680
SSDEEP

3072:tJP12fHQLZ4XaMUMJJ/Mit40nC7U0O7vQ0y9RM+MN:vec8aMU2tbt40nC7U0O7Y79K

Score

10^/10

rat apju xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

apju

Decoy

fbqxzz.icu

kinokosuke.com

psychosoziale-beratung.com

covermydreamhome.com

livingartpodcast.com

simonavallone.com

spaedymafra.com

royzoom.com

classiccuisinetci.com

itechnology.tech

range4tis.com

rehab-infoweb.net

rebeccawsapp.com

azenkabestmid.info

change0913.com

efilux.com

aprendesobre.com

relokators.com

reditastore.com

3424soldbastrophwy.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
347ef45fc64f2d2a9048270c8d2b6859da1869f415dadef6aa5f166b7dffbd26

Files

347ef45fc64f2d2a9048270c8d2b6859da1869f415dadef6aa5f166b7dffbd26
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B