General

  • Target

    fee0bbf0d5d22f89189c7e28dd2ff1dea3727af9daf38d6a4997b2c8b7c24639

  • Size

    164KB

  • MD5

    b845a5c4a9cf57bd4bb06da430860020

  • SHA1

    c26dcd6ac49bc8be38d4d61c8be66adb8e47c3e9

  • SHA256

    fee0bbf0d5d22f89189c7e28dd2ff1dea3727af9daf38d6a4997b2c8b7c24639

  • SHA512

    6bd2e2f7f596f9213eb433b094eaa64633c17eb66efae88858863afe8855299fefe295cba19ebfd7607e2d95fd778bfbeb68cf6835a0de2c3d9be509dc1f7f92

  • SSDEEP

    3072:jnp1uG2+BNzO1NqMeMjL7iK2dwbxf6cwRyWzmUA1D6ioB:jPu8+8MeEnQdwbxnwbpAp

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

e3b2

Decoy

  • treehousemunnar.com
  • ipabulletin.com
  • cures8t.com
  • happy-news.biz
  • cosmobellemedspa.com
  • duplocreativo.com
  • founderqlxwfh.online
  • weinsteinanddouglas.com
  • dowseteethalbee.com
  • grandbowls.xyz
  • strfolio.com
  • agoradespossibles.com
  • monarchap.com
  • at7eleven.ink
  • prayrowan.com
  • mgc-taxconsultant.com
  • virtuallyrhonda.com
  • adobitssacv.com
  • grouptuzun.com
  • jdzqn.com

Signatures

  • Xloader family
  • Xloader payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • fee0bbf0d5d22f89189c7e28dd2ff1dea3727af9daf38d6a4997b2c8b7c24639
    .exe windows:5 windows x86 arch:x86

    Headers

    Sections