xloader | 6b9d1c505e955584fa994b876483dcdbffc63a6bb58d5513996d4cd0a00bfc6e

General

Target

6b9d1c505e955584fa994b876483dcdbffc63a6bb58d5513996d4cd0a00bfc6e
Size

164KB
MD5

d2fd9b317dc1f83c7c15f9f33ad5b7a2
SHA1

fe0c53195e99505faa65429fb7a2488a5564fe93
SHA256

6b9d1c505e955584fa994b876483dcdbffc63a6bb58d5513996d4cd0a00bfc6e
SHA512

cd1bd43d0239abc86d7452d8077172e383cb8138ec9b1f70f672b44e6accf857e8a9da6f4534e09a28949f66f1693e4bb720ddf3aae0112e5ca6bfbb77aa8284
SSDEEP

3072:ZPJ+cjn6N8XSPZtVMZnO5wqkk+jXdnptfcHOBVX947xcsz6kdA+B+JrhAba:ZMUWXMZY/k3jXdnpt0m2xldNBOrh

Score

10^/10

rat sm3d xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sm3d

Decoy

malleegum.com

geewhiz-designs.net

chuahoinach.net

dugerits.com

agldcoin.com

laxmanblog.com

hopesmluckyenterprises.com

revisaodosite.com

totobo333.com

spsil.ltd

impffrei-reisen.net

nftthirteen.com

cuperto.info

lecrindebroceliande.com

lanyardistry.com

artem-artemov.com

cryptonomiccert.com

passiverewardsystems.net

starganzafashion.com

3dotshub.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b9d1c505e955584fa994b876483dcdbffc63a6bb58d5513996d4cd0a00bfc6e

Files

6b9d1c505e955584fa994b876483dcdbffc63a6bb58d5513996d4cd0a00bfc6e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB