xloader | 758b9e71b7bb319d47ab4f8083e95c036030aa1d37eb492e9ab8b673b04ffad1N[.]exe

General

Target

758b9e71b7bb319d47ab4f8083e95c036030aa1d37eb492e9ab8b673b04ffad1N.exe
Size

160KB
MD5

527c33774026835e55d7df64804e2f20
SHA1

7cfeca846859b3e336d61ac80ffe5ed2243f8b4b
SHA256

758b9e71b7bb319d47ab4f8083e95c036030aa1d37eb492e9ab8b673b04ffad1
SHA512

dbe6ba11a3962aa1b72d2a25fdccaf57c0f11c3cb3d8b6e25da1ed3c938fe5869d83e3aff2949cc5308bbd31664d11ad8c1f1f4f8d5cd67c2a2916cbaecf8565
SSDEEP

3072:EBjYvjX6jjyNuloSQvBUe0aYLDpDsOoc0+OzrTAvRFpm1P0:o/22oSmWHaY3pAOoc0+OLCRG6

Score

10^/10

rat udew xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

udew

Decoy

danieleawilliams.com

miladjalilian.com

hzmila.com

elecreator.com

instrep.com

4tongzhi.com

sltreeserv.com

expressrev.com

dataresearchcenter.com

filmblingalley.com

3buagency.com

hxjh888.com

gotmetwistedcomb.com

vihco.com

scg.solutions

drcvkm.com

frostresorts.com

gintech.co.uk

luxury-holding.com

roupasdobras.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
758b9e71b7bb319d47ab4f8083e95c036030aa1d37eb492e9ab8b673b04ffad1N.exe

Files

758b9e71b7bb319d47ab4f8083e95c036030aa1d37eb492e9ab8b673b04ffad1N.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.text
Size: 156KB - Virtual size: 155KB