xloader | 91b0182f381aabbca565525a9606460a9d02863a1797e5c774088d46a6025f76

General

Target

91b0182f381aabbca565525a9606460a9d02863a1797e5c774088d46a6025f76
Size

160KB
MD5

1ca091bdcca1a0ea8cdb707ff2d069da
SHA1

34d2df1ac3eb5605ef4a5865d9d00980e5437531
SHA256

91b0182f381aabbca565525a9606460a9d02863a1797e5c774088d46a6025f76
SHA512

e03c037792e4bcd485ee2962495bc7b89c87dc53e9ce144f52376cd23cd14b76d225692dbb656314964dcb1e20b0b373b34bfb039baa6f2e36ca3aff9501decf
SSDEEP

3072:5ZBq0c6gQ/qI4rQo4j1PHrFf+baIH7VO5dUdYkVo0s8gT4GNefG:5m09Wco4hvhfKrBO5dUdYkVo0usfG

Score

10^/10

rat mej0 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

mej0

Decoy

mtxs8.com

quickskiplondon.com

sltplanner.com

generatedate.com

amsinspections.com

tomrings.com

109friends.com

freelovereading.com

avalapartners.com

nordiqueluxury.com

inmbex.com

everybankatm.com

bo1899.com

ashymeadow.com

pubgm-chickendinner.com

takudolunch.com

carlagremiao.com

actonetheatre.com

wemhealth.com

khasomat.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91b0182f381aabbca565525a9606460a9d02863a1797e5c774088d46a6025f76

Files

91b0182f381aabbca565525a9606460a9d02863a1797e5c774088d46a6025f76
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB