xloader | 13df52643a87c289ee7a052952412b0b1f0f978289a44d564be1d5b2a87827c9

General

Target

13df52643a87c289ee7a052952412b0b1f0f978289a44d564be1d5b2a87827c9
Size

164KB
MD5

3dc4ad3431a254f3ca1c3c8504fae12a
SHA1

2c04efd91e87c007d1746b991a841ff4233f2ecb
SHA256

13df52643a87c289ee7a052952412b0b1f0f978289a44d564be1d5b2a87827c9
SHA512

8019316a521215611c361593dce5b05be649c27f3eaf8becf6eac2177c0c49ebaffd690ac91dacf3a45b2a09586d5af27ca3f5641972a127930ee3b8ce22535c
SSDEEP

3072:e4pp6a2OQFXxYgGlMkzxxAvfdsphNN3AAGoa4iVjCnOYdWz:eCa3OMkNSHdsphNN3IoatVjPYY

Score

10^/10

rat nig8 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nig8

Decoy

jmanstore.com

babakrashid.club

hong88888yuanxiang.com

bets-bc-cfeae.xyz

chiragkhemka.com

aignerlabelholde.com

givemelucky.com

mobilethaimassageatl.com

bosskardus.com

postmanmajor.com

lifelineministrieschurch.com

compressathlon.com

dechemuckho.com

vogbuilders.com

azumo.xyz

miskarangsimpang.xyz

birdcagewire.com

cowcatartstudio.com

theinteriorsfurniture.com

lakeforestparkinvestments.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13df52643a87c289ee7a052952412b0b1f0f978289a44d564be1d5b2a87827c9

Files

13df52643a87c289ee7a052952412b0b1f0f978289a44d564be1d5b2a87827c9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB