xloader | 3de2e07301117ecd6e23da0119043a0c6011bbd5e128cad5447f1abd73d8f3da

General

Target

3de2e07301117ecd6e23da0119043a0c6011bbd5e128cad5447f1abd73d8f3da
Size

164KB
MD5

c82ce539804ceb8c22515b111102eaa3
SHA1

21a7cb40ac68e8392a35d52528ec29a45aa9b0bb
SHA256

3de2e07301117ecd6e23da0119043a0c6011bbd5e128cad5447f1abd73d8f3da
SHA512

32050037e1769180dff3735d339d9952db938ad38b3a1b2e138df3b748d34715e9b1a97854e14539e9f95f8a76bc4c2cc09b9c8872aebe90f767fff115fedc96
SSDEEP

3072:vuMJU/kj+Z0fS9ql6HMeRJx0MULuM79XHJQt3Xm5CxSbVthFtSnsh:vu7UPEMe/WMrM795MMgcbhPS

Score

10^/10

rat c0a7 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c0a7

Decoy

nielsqanalytics.net

mmgaleria.com

rejection.xyz

lehome.store

dijaminoriginal.online

matthewwickersham.com

maanetv.com

instantsave.net

888dj8v.com

behere.xyz

deeperthanmotivation.com

shoponly7seconds.com

bohemiabougies.com

cyrusthegreatbarber.com

liftizy.com

kcarats.com

egremlinart.com

karbonkorea.com

syedaakanwal.xyz

campikitai.today

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3de2e07301117ecd6e23da0119043a0c6011bbd5e128cad5447f1abd73d8f3da

Files

3de2e07301117ecd6e23da0119043a0c6011bbd5e128cad5447f1abd73d8f3da
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB