xloader | 1db212e73ac2f8a124da81510672302f8f345e12e2981178a8fc751aa1ae7ac6

General

Target

1db212e73ac2f8a124da81510672302f8f345e12e2981178a8fc751aa1ae7ac6
Size

164KB
MD5

54acde16b948f9673d715aa1974fc06c
SHA1

55d7d2441f69d53bd1b67e5470b4f5059d989d2e
SHA256

1db212e73ac2f8a124da81510672302f8f345e12e2981178a8fc751aa1ae7ac6
SHA512

199cb079dc8c5c2ac9d407eabd4d5eccb3b434afa65f64be4e0f2b725bf3f8bd6093d622d18a30488813352c4f60988c81fd001fc177990fe5bca586fe2a6cf0
SSDEEP

3072:E3JQyjVS0DIbasvpMCJBp+/LlddLFuGQC19G521tWOSBdFg:E+UPsxMCt8LPdLFmM9GgWBd

Score

10^/10

rat sued xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sued

Decoy

otazkystookt.quest

verskylife.rest

jhnana.com

latelequesuma.com

amanuensedigitale.com

nsrtx.com

sandospizzeria.com

easychu.com

yewryueui.store

grupoabintegra.com

daylliance.com

sddn58.xyz

datarbl.com

ristorantefontanamurata.com

sophietatarchuk.com

narcoz.club

velociget.com

279521.com

blandinelobela.com

fintekx.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1db212e73ac2f8a124da81510672302f8f345e12e2981178a8fc751aa1ae7ac6

Files

1db212e73ac2f8a124da81510672302f8f345e12e2981178a8fc751aa1ae7ac6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB