xloader | 661bc869d44945a8cfc681e6f8f2c9fe1c352ab983bf8d8ad0676cc57493ac47

General

Target

661bc869d44945a8cfc681e6f8f2c9fe1c352ab983bf8d8ad0676cc57493ac47
Size

163KB
MD5

530dce2f8c7d77d8c24946833b91213f
SHA1

06bae2812c4013e9ba76667265b4e1350652a911
SHA256

661bc869d44945a8cfc681e6f8f2c9fe1c352ab983bf8d8ad0676cc57493ac47
SHA512

e8a12bdb443466f94b374dd865178954825a5284db2e82e55826865050a8da2c8a7c2a88564052c128a47c53ef9b0aaa231a361912cbea9c4af739413add6f4a
SSDEEP

3072:uuJvrjpGHxlv0aJ7ykXMdntC72fdJ6NBRoVFwp52C30U1:umKUGMdtIydJ6NBRsS30w

Score

10^/10

rat b0us xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b0us

Decoy

wxoi.xyz

boss-note-to-look-today.info

rxgmarket.com

vyfstudio.com

insularrofioa.xyz

psikologtenaysude.com

hepatitiscsignssymptoms.space

toadvalleyfarm.com

rhinobeds.com

joystoreworld.com

wethinky.com

cucciolamores.com

finansresultation.com

criptodigital.online

cave21shop.com

ryannaat.xyz

xn--ngbr0em.com

olympiaapartment.com

asrendo.com

dashmints.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
661bc869d44945a8cfc681e6f8f2c9fe1c352ab983bf8d8ad0676cc57493ac47

Files

661bc869d44945a8cfc681e6f8f2c9fe1c352ab983bf8d8ad0676cc57493ac47
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB