xloader | 503501592d4c8497bf04cc1a2af9a9ecfe94152f80ec032a087d3a7cc4d8885f

General

Target

503501592d4c8497bf04cc1a2af9a9ecfe94152f80ec032a087d3a7cc4d8885f
Size

163KB
MD5

98dc6c8b031ca48b192ab182daa47833
SHA1

15ed499143a466f2895fa2dd67deb47de85c7027
SHA256

503501592d4c8497bf04cc1a2af9a9ecfe94152f80ec032a087d3a7cc4d8885f
SHA512

d040180008e35792182ff00519aed6ae37b10f7956b4670f40ff8d0d548f4a624ffefe6f253d68cfbad794db143f0b7caf11dc698efab7d2f2cc2ef09c403b92
SSDEEP

3072:7JJ2utT2t+LweYNKMrxnio+c5ltgAIxQzTU/mlDqg4DIh:bdzHYUMrBb+c7tgAIu3qmlDX0

Score

10^/10

rat u3ja xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

u3ja

Decoy

emiratescomm.net

whattodotenerife.com

bspq-jlcd.com

torobesttanker.info

projectcentered.com

agglog.com

francesbypoppy.com

lakenormanpilates.net

chaseatms.com

bendarlingart.com

blogjust.xyz

wodeluzhou.com

p6ynwcxrxetb.biz

servpix.com

eddysearthmoving.com

rvafootcarenurses.com

contessa.store

jasonconcerttickets.com

umldbe.xyz

noroesteremotos.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
503501592d4c8497bf04cc1a2af9a9ecfe94152f80ec032a087d3a7cc4d8885f

Files

503501592d4c8497bf04cc1a2af9a9ecfe94152f80ec032a087d3a7cc4d8885f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB