xloader | 7e0e5228ddfd9d380e82c4024f194192f5b6203f1002c1b90e056d8b5071d057

General

Target

7e0e5228ddfd9d380e82c4024f194192f5b6203f1002c1b90e056d8b5071d057
Size

164KB
MD5

6f6dc053173c8d25add1c460e82ae4df
SHA1

225377ca0fc75143b37c7093b1ca38b2f14aee6a
SHA256

7e0e5228ddfd9d380e82c4024f194192f5b6203f1002c1b90e056d8b5071d057
SHA512

0752fd84ad112e935f548000cf55a7d700ce322d95b78f88ed03152d6a1ddd812b3f75d58803d35336b7cd6eba994062556bb8909c49ad9c89a458f7e522be66
SSDEEP

3072:1fepPH92uiXgJXeZM6hjPuUHNXtr4A0KfIfjFdVsI+F2i2C88:1faicKM6Z2UHNdrL0QM

Score

10^/10

rat e0ep xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e0ep

Decoy

disignmagazine.com

suuteki-no-anaba.com

12daysofwriting.com

kimsat.art

cbsautoplex.com

gmconstructionlnc.com

downlownft.com

uzh.biz

joviafinanical.com

receiptsloepc.xyz

avcarpet.com

smartlifepack.net

syllyl.com

lifecoach.directory

mom-wponline-sg.com

usaworkerscorporation.com

zionnolan.com

ort-care.com

roledepartamentos.com

solideo.holdings

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e0e5228ddfd9d380e82c4024f194192f5b6203f1002c1b90e056d8b5071d057

Files

7e0e5228ddfd9d380e82c4024f194192f5b6203f1002c1b90e056d8b5071d057
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB