xloader | dd572b18dc0d6d7016a8e641fa088d76e02f0de713b640d2ff6cdad7eaf1fe36

General

Target

dd572b18dc0d6d7016a8e641fa088d76e02f0de713b640d2ff6cdad7eaf1fe36
Size

168KB
MD5

293ea2eb1cccf09483c7c3371e3d4430
SHA1

e9475efa79c8f5c8d70521bb73b9eff54ae93901
SHA256

dd572b18dc0d6d7016a8e641fa088d76e02f0de713b640d2ff6cdad7eaf1fe36
SHA512

8c5685530ebc90870ac739c844d1b628fab9cff0e3333992c124388f9528868a956898315eab84c62c6762f6fa249939262b2b561de50f0e4ef3f25a5810b865
SSDEEP

3072:VJJOqjBSJZvbFxLMFFGGjPu9zGFaAyS2NzcLKVT6EeT:V6tZhMFwU29zGFatLmLK8

Score

10^/10

rat cs5r xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cs5r

Decoy

watertosplash.online

swingsportz.com

drdashomestay.online

thongtachutbephot100k.com

0le2rwczg.com

nacionalaquisitivo.com

pttimorisbalindovisa.com

lindseymidcap.com

pekavar.com

gestionalcliente24hrs.net

dengfengfc.com

mgav83.xyz

kingcoincrypto.com

solar-tribe.com

aranehsdesigns.com

christiewood.net

kidsbond.tech

whispers.tech

cryptodaita.com

naybigsilverjewelry.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd572b18dc0d6d7016a8e641fa088d76e02f0de713b640d2ff6cdad7eaf1fe36

Files

dd572b18dc0d6d7016a8e641fa088d76e02f0de713b640d2ff6cdad7eaf1fe36
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B