xloader | 040161c3399a5f442769af9a94a71c76917b05d760b923903584b4b80b1cd610

General

Target

040161c3399a5f442769af9a94a71c76917b05d760b923903584b4b80b1cd610
Size

121KB
MD5

d124c744e6daf2a17227459891e53f00
SHA1

88842e8b2faddc49d244c7bc056f57822f10bbfd
SHA256

040161c3399a5f442769af9a94a71c76917b05d760b923903584b4b80b1cd610
SHA512

c0a9f7d3d51419a1852a6b89e5a249b8d3f7a7da36fdea7ed0492f0aca1392d976f75e03db353b39795b75744bcff06d1a748e00643c58d83f0745d8030c78e7
SSDEEP

3072:F/neI9vYlQjTqECOJsjJfVnJgCaBKy/jOSyO:1N6l+uOSjdVFw/jOSyO

Score

10^/10

rat he43 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

he43

Decoy

medianrealestate.com

donewrightonline.com

shawtopia.com

inmobiliariajlf.com

bullion-store.com

sunkissedjourneys.com

tatou-fashion.com

fruitdoughnuts.com

yingshe.xyz

2021psds.com

adamsonsystem.com

kfordvoiceactor.com

visionries.com

mithwill.com

carolinasbestroofers.com

happy-bihada.xyz

rvparkofdublin.com

joaocapinha.com

tenthplanetjj.com

finishwrightllc.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e

Files

040161c3399a5f442769af9a94a71c76917b05d760b923903584b4b80b1cd610
.zip

Password: infected
779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB