xloader | e70c9a1dc3928409f30d6bb6db03ad27b2b7ceb5e37613b1228c035ed500a8f6[.]exe

General

Target

e70c9a1dc3928409f30d6bb6db03ad27b2b7ceb5e37613b1228c035ed500a8f6.exe
Size

164KB
MD5

c983743817991ecf524d6aaf860a2d64
SHA1

a8c1950e63fceff1073d511b265387f3759bacbb
SHA256

e70c9a1dc3928409f30d6bb6db03ad27b2b7ceb5e37613b1228c035ed500a8f6
SHA512

b3fc89dbda1b1795344dcddc940adbe575b8c970e8f88f3a18152aa27c2e16ee5f4ccceab366790a88021bf76ab2832c8d5018a5e09020cd2e2b53506482fdc6
SSDEEP

3072:tJHO0io2Hv0Vjv7MRDKCjGyNLT7cLgL8U/t051gb:nOlITMROMVNLT7cLo8UlA1M

Score

10^/10

rat qatv xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

qatv

Decoy

sexycurvycool.com

webundefinedstaging.website

gaspeehaze.com

adomnaturals.com

best10canadianreviews.info

nikekogan.com

5537sbishop.info

khonnaisoi.com

cures8t.com

garthoaks.com

belvederepharmagroup.com

chivo.plus

qishanlin.top

ccjon1.com

biz-financeagency.com

bdqimeng88.top

3-little-pigs.com

ord13route.art

webku-trial.xyz

ncgf28.xyz

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e70c9a1dc3928409f30d6bb6db03ad27b2b7ceb5e37613b1228c035ed500a8f6.exe

Files

e70c9a1dc3928409f30d6bb6db03ad27b2b7ceb5e37613b1228c035ed500a8f6.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB