xloader | JaffaCakes118_3d87611f84512f886ae3ff011912530a6f0cef747ae0a2f14d1c703da6244357

General

Target

JaffaCakes118_3d87611f84512f886ae3ff011912530a6f0cef747ae0a2f14d1c703da6244357
Size

168KB
MD5

086df4da121e0a6928e4a762c7b96cfa
SHA1

53943c5d3c4107f27bafde154e997f989e2549e9
SHA256

3d87611f84512f886ae3ff011912530a6f0cef747ae0a2f14d1c703da6244357
SHA512

ef1d60a0b66618a70471bc624d76125648e4769401e121e6103c2f25e46b2bdd8fcbcdf6b8ce21bf2964a0b971a5ccdf836bc1f92326e87fa4a3254fbff20591
SSDEEP

3072:FAxpd12O6ZklHlMa5IXS8dwcG6TQW7axxcddVZSZDEMWA:FApYOFMa6i8dwz6T/7uxC/cZDM

Score

10^/10

rat dgrg xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dgrg

Decoy

iot-vn.com

gamiteisnowjoyned.com

ak8flfqzm8.com

daliborkokic.com

mrk-9.com

tanzibkarate.quest

mburmtdvccti.mobi

thomas-wildlife-control.com

thebritenseries.com

hkkbags.com

redenyl.com

resilientbutterfly.com

nicethelab.com

xn--1lq90isray30ltdc.xn--czru2d

cyberews.net

naclepin2a.xyz

rodrigocoppa.com

hightings.com

chamaaibrasil.com

bdelsaer.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3d87611f84512f886ae3ff011912530a6f0cef747ae0a2f14d1c703da6244357

Files

JaffaCakes118_3d87611f84512f886ae3ff011912530a6f0cef747ae0a2f14d1c703da6244357
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 159KB - Virtual size: 158KB

.rsrc
Size: 1024B - Virtual size: 960B