xloader | 4efc0a1d99fd001605ea6d8960268bf5357c78fd03ef10afe758d07d2d1822b5

General

Target

4efc0a1d99fd001605ea6d8960268bf5357c78fd03ef10afe758d07d2d1822b5
Size

164KB
MD5

cd45ac41c8a3a192f0ca4c177f468390
SHA1

3b9685dce15eb65a5de8627340030534ee6fa27b
SHA256

4efc0a1d99fd001605ea6d8960268bf5357c78fd03ef10afe758d07d2d1822b5
SHA512

f496ed5fdf4107a13b3bf48e9e453506aa064a05d82fc600c6d2bbad75c94568456fc5b707da8fc7c1a4fa2d8618fa1167a58834267af337b01b27616744f408
SSDEEP

3072:gbJJgjw2o/zv/3s6MCfleDGItemEfRoWSeHnly7jkNz/f:g7lT3jMCdQGItemmSeHc7job

Score

10^/10

rat h85e xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

h85e

Decoy

escvillage.com

planetacarballo.com

alexandercaron.com

yeslic.com

muckymitts.com

constructionsdhblais.com

1iheuz.cloud

jonathanandlola.info

quantumweave.com

flippingmetro.com

ledytj.com

tender.guru

icatercookouts.com

liegeart.com

ibizaeyewear.com

micrkindom.com

sorialab8.online

spiritueleonlinetraining.online

teguhbestari.com

areservice.center

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4efc0a1d99fd001605ea6d8960268bf5357c78fd03ef10afe758d07d2d1822b5

Files

4efc0a1d99fd001605ea6d8960268bf5357c78fd03ef10afe758d07d2d1822b5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB