xloader | JaffaCakes118_fc62803323db081f43a9afd146d4ab05d32b0d13568390f62a198f4cffa0a199

General

Target

JaffaCakes118_fc62803323db081f43a9afd146d4ab05d32b0d13568390f62a198f4cffa0a199
Size

192KB
MD5

ca85e3beca3066cabfa5a4131a7b90d4
SHA1

f05d2f89e5023560c90c6ad6f34d8ec7675ff57f
SHA256

fc62803323db081f43a9afd146d4ab05d32b0d13568390f62a198f4cffa0a199
SHA512

c972741b2e96a0c8382a8e780a2a9e1569ce0ef17296b08625e04e9dcc795a69f49cd8f7bf4b00e5d43a58d69bbad4aafeb544bf786e7e256a4618c2bcc00d1b
SSDEEP

3072:mdzhYI0x+yDunBmWQJ1tjUP2PMyZvzVnqu5PHvCt953CYN6zk6vj:mYbQnBA1tQ2PjZvzVnqu5v6RQzlv

Score

10^/10

rat pzja xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

pzja

Decoy

xyhj066.top

dottorecannabis.com

simonsatelier.com

jasmmine.design

bestblenders.wiki

curatedbynicole.com

fzjyhb.com

fusersing.com

madererapaloalto.com

distancelearningth.com

nmgxb.com

daetadomains.com

zlsy99.com

maqaminternational.com

etchoftexas.com

yedr5ch.xyz

bowenisland.realestate

tarotkory.com

greaterstlukedisciplechurch.com

sw-game.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_fc62803323db081f43a9afd146d4ab05d32b0d13568390f62a198f4cffa0a199

Files

JaffaCakes118_fc62803323db081f43a9afd146d4ab05d32b0d13568390f62a198f4cffa0a199
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 166KB - Virtual size: 166KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 166KB - Virtual size: 166KB

.rsrc
Size: 18KB - Virtual size: 17KB