xloader | f542cf77472e130606036646114ef61fe38b8c874240a8b8ac59ad0fc1ffdb7f

General

Target

f542cf77472e130606036646114ef61fe38b8c874240a8b8ac59ad0fc1ffdb7f
Size

119KB
MD5

7cf25a995b5e6a65229c99a802f1ece1
SHA1

6c978c138af2c7617fc875def692e3ae8ab728aa
SHA256

f542cf77472e130606036646114ef61fe38b8c874240a8b8ac59ad0fc1ffdb7f
SHA512

5195113d59fd4b054fe5ef4900325066de19df0ed554ad7e69cfaeecadcfd5c9a224eca785197425cb373eedc356272a0d1ff3449bbceeba5025e23aeeea4ac7
SSDEEP

3072:rG/YTGN9zpMBMnx6FPZfNNjAlMSUUenFTf/fhWXPtWPP1Ub:rG/CG7zpMenw9jsB5KTfhWXPw32b

Score

10^/10

rat niot xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

niot

Decoy

fiturg.com

hmveol.com

suncoast-services.net

celestialquiltshop.com

orostationdetailing.com

themaneman.net

pealrx.com

cngsalesservices.com

marketingdesalud.com

sltplanner.com

gogetdental.com

losangeleslivesmatter.com

ebizeduexpert.com

unlockyourart.com

idahot1t3.com

collegehoops.net

jeffersoncourt.com

ruixinrj.com

coyoyi.com

streamingct.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/35010478a1deb14596e40b68bff541fdf1567b67116de6c8b3146f7352159420	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/35010478a1deb14596e40b68bff541fdf1567b67116de6c8b3146f7352159420

Files

f542cf77472e130606036646114ef61fe38b8c874240a8b8ac59ad0fc1ffdb7f
.zip

Password: infected
35010478a1deb14596e40b68bff541fdf1567b67116de6c8b3146f7352159420
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.text
Size: 156KB - Virtual size: 155KB