xloader | cd5c4b96ea4d62dbe390db53b7c76529eb34d77977359fbd32ab66dd8fd3c675

General

Target

cd5c4b96ea4d62dbe390db53b7c76529eb34d77977359fbd32ab66dd8fd3c675
Size

164KB
MD5

73c62e3a4760db8fa9422c418651163e
SHA1

9261bc526a13204dd8612261d4bded84fb7333dc
SHA256

cd5c4b96ea4d62dbe390db53b7c76529eb34d77977359fbd32ab66dd8fd3c675
SHA512

d4a41fc911a48d45a77827b55debca5e61a6cbea17ab4da4cc8080652a62d1c7b6c26260b4ff0242de7ecc1c6abbab5e153ffe05ab3bc304c122c0185db79d6e
SSDEEP

3072:9xJLQjj70rIsWYmMyD/DF6QdpLlosFGOmfwuRpxkSbif2K:9vd2HMyrhDdpLlosMOxuNK

Score

10^/10

rat vfm2 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

vfm2

Decoy

swedishchess.com

vanlifedubai.com

srespd.com

aquaeyego.com

mipily.com

wolderland-technologiesmy.com

reidandwriteon.com

realtywithgeorge.com

thomasangelop.com

innotecon.com

alternativedata.services

shogohorinouchi.com

fuliba001.xyz

levelprism.com

auditocity.club

opmatix.com

eds.center

sophia-tokimeki.com

htbrasil.com

trueacademia.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd5c4b96ea4d62dbe390db53b7c76529eb34d77977359fbd32ab66dd8fd3c675

Files

cd5c4b96ea4d62dbe390db53b7c76529eb34d77977359fbd32ab66dd8fd3c675
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB