xloader | 39836847e338bfa0d4e96ee326285a0c61e01caba18d50968cc6ad1aec967b1a

General

Target

39836847e338bfa0d4e96ee326285a0c61e01caba18d50968cc6ad1aec967b1a
Size

164KB
MD5

0a46f3c7c4973d5d592d6ac42af6859b
SHA1

279cf42e1226294c28e734dee00fdb4e5e01afd5
SHA256

39836847e338bfa0d4e96ee326285a0c61e01caba18d50968cc6ad1aec967b1a
SHA512

6b90f6a112eecb543701b2d302f8e110fe7228076609b743b7a83515582da0fd0e27e0d646c0968344f34cc947a0220cab081c260187bb253b352d5ee4afabfc
SSDEEP

3072:QXJXqhjUIxGXk3qnpPmutHuMIy+xOb8Q/h4ol+zjEUS4cvAOs:QlW8pPzluMIy+xOb8U244FOs

Score

10^/10

rat oogi xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

oogi

Decoy

cminethings.com

hitsduo.com

cicisolutions.digital

nathancooley.com

nextvaccines.com

marciabernice.com

planmemberelite.com

gotage.com

danijela-djordjevic.com

joyases.com

hldxhzs.com

subngon47.com

kitships.com

duplicatedaves.com

mihmiz.com

sophisticatedsignings.com

vrarw.com

wxdfxx.com

schoolshopni.com

thegarageguys.store

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39836847e338bfa0d4e96ee326285a0c61e01caba18d50968cc6ad1aec967b1a

Files

39836847e338bfa0d4e96ee326285a0c61e01caba18d50968cc6ad1aec967b1a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB