xloader | c22310e72c4277ee726aca10978a1b24bb4a28854a100f35f8f352e9503779c4N[.]exe

General

Target

c22310e72c4277ee726aca10978a1b24bb4a28854a100f35f8f352e9503779c4N.exe
Size

168KB
MD5

7af29a2e226d163e24d6f91aa2644c90
SHA1

26d2ee7babbf5a50900e991c1ad015377e9799b6
SHA256

c22310e72c4277ee726aca10978a1b24bb4a28854a100f35f8f352e9503779c4
SHA512

990d5cda6b43826084f75f48c534593b6edb9e23bd02a64218c3e258053a3c6d3c7f260ccb14093f829cec6d4f665ef985fd705e9244dfa2e34d1f46305da18b
SSDEEP

3072:6BLJnliVjQ/YNveBcHXMSGNYmiitk3jxmMfyn5i6tqrF:wZu53MSYHntk3jx7+q

Score

10^/10

rat nazb xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nazb

Decoy

polypixelarmy.com

dppu56.com

prayrowan.com

favoredysxdmg.xyz

swichkickoff.com

suddennnnnnnnnnnn06.xyz

your-own-vpn.com

ban-click.com

digiblogofficial.com

frugaimoms.quest

longoriaamanda.com

moonelegant.com

americanpawnaz.com

riverflowmassage.com

theresnosomedayinbadass.com

sacredsolomon.com

mkperfumy.com

yavastudasuda.net

votewhosright.com

lovetoconnect.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c22310e72c4277ee726aca10978a1b24bb4a28854a100f35f8f352e9503779c4N.exe

Files

c22310e72c4277ee726aca10978a1b24bb4a28854a100f35f8f352e9503779c4N.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B