xloader | 7c091c9ad6167399192bd97032c60267e78566353b6d25a84e40f823b56bcbe1

General

Target

7c091c9ad6167399192bd97032c60267e78566353b6d25a84e40f823b56bcbe1
Size

164KB
MD5

d5505bd41c64788074c8dc6fb0e68226
SHA1

d0b5f1288fbd6f0e9844a6e06d3fe148ab9bd5dd
SHA256

7c091c9ad6167399192bd97032c60267e78566353b6d25a84e40f823b56bcbe1
SHA512

78c421545624fc4162e23b21558e584c352b882ee4d658f7b946a9812d067fa9ef28d4c7dd844ae81a3b7be697fb378a6ad476e41e94646586fdea3c39ceb5b1
SSDEEP

3072:kpGxyWbPwTEEdf+oFuxpVARbqNmX+BiCGmcZigpmuWlq:dEC0uxLUONmXjmckFu

Score

10^/10

rat pvxz xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pvxz

Decoy

imt-token.club

abravewayocen.online

shcloudcar.com

mshoppingworld.online

ncgf08.xyz

stuinfo.xyz

wesavetheplanetofficial.com

tourbox.xyz

believeinyourselftraining.com

jsboyat.com

aaeconomy.info

9etmorea.info

purosepeti7.com

goticketly.com

pinkmemorypt.com

mylifewellnesscentre.com

iridina.online

petrestore.online

neema.xyz

novelfooditalia.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c091c9ad6167399192bd97032c60267e78566353b6d25a84e40f823b56bcbe1

Files

7c091c9ad6167399192bd97032c60267e78566353b6d25a84e40f823b56bcbe1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB