xloader | a7c9cb76f59e30f310f76b1a9c929199387d167e5acd2d27145c9b63293eedceN[.]exe

General

Target

a7c9cb76f59e30f310f76b1a9c929199387d167e5acd2d27145c9b63293eedceN.exe
Size

164KB
MD5

5cbf1970f9b0a951f4b9c957f4724800
SHA1

713ed8998c8de86138dc92539aad011cb989a6a1
SHA256

a7c9cb76f59e30f310f76b1a9c929199387d167e5acd2d27145c9b63293eedce
SHA512

ecc0fc59414a795f4cb22521e59a80085d1ea133a89b39a074a7e66ded13e7e215bb45960e82a07cff37e5ba7164728561c10c8b7ed82f107077c4de3384cbb7
SSDEEP

3072:tJHO0io2Hv0Vjv7MRDKCjGyNLT7cLgL8U/t051g:nOlITMROMVNLT7cLo8UlA1

Score

10^/10

rat qatv xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qatv

Decoy

sexycurvycool.com

webundefinedstaging.website

gaspeehaze.com

adomnaturals.com

best10canadianreviews.info

nikekogan.com

5537sbishop.info

khonnaisoi.com

cures8t.com

garthoaks.com

belvederepharmagroup.com

chivo.plus

qishanlin.top

ccjon1.com

biz-financeagency.com

bdqimeng88.top

3-little-pigs.com

ord13route.art

webku-trial.xyz

ncgf28.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7c9cb76f59e30f310f76b1a9c929199387d167e5acd2d27145c9b63293eedceN.exe

Files

a7c9cb76f59e30f310f76b1a9c929199387d167e5acd2d27145c9b63293eedceN.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB