xloader | bd43ac9c71550e215e3af5cc64b81b28c5ce7c4234e52bee4a18a2cf570a70ec

General

Target

bd43ac9c71550e215e3af5cc64b81b28c5ce7c4234e52bee4a18a2cf570a70ec
Size

164KB
MD5

4a681af8cf909bdfddb237a9cb2a5788
SHA1

af5989988f2232699b65ccb8ae7f8d1b7aaf5fc1
SHA256

bd43ac9c71550e215e3af5cc64b81b28c5ce7c4234e52bee4a18a2cf570a70ec
SHA512

27b22f3697448b0ddf9e720f6afa8dccd25e6be3333d3d87066d7e26fda694986bb2f2d1bbdf99892a689b66ee4ea3b9da52883868d4dea4ed5466753d431d95
SSDEEP

3072:BVJmOjQWcznQV1DIMTpLzjANYOXnc/sPkNHwvQTZC:B+DWsMT9fANYOs9H4eZ

Score

10^/10

rat nv0a xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nv0a

Decoy

creativehomesrealty.com

hairshopamity.com

karunahotyoga.com

indialowfare.com

abdulnazar.com

art-handmade.com

videofx.store

onboard-alt-digital-avg.rest

lipe-engineering.com

arthurchatfield.com

keencloset.com

jsyonghui.com

hangwei.tech

price-hype.com

rlandislnteriors.com

junewilderwrites.com

dazhongwenzhai.com

tsnefise17.xyz

2ndmobi.com

natemerritt.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd43ac9c71550e215e3af5cc64b81b28c5ce7c4234e52bee4a18a2cf570a70ec

Files

bd43ac9c71550e215e3af5cc64b81b28c5ce7c4234e52bee4a18a2cf570a70ec
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB