xloader | JaffaCakes118_d9b0db2aaa35019207d90db1ef5b69fcce515313c0104c3ac464de6f92dc2039

General

Target

JaffaCakes118_d9b0db2aaa35019207d90db1ef5b69fcce515313c0104c3ac464de6f92dc2039
Size

164KB
MD5

d09d32ea36b1b9ed851b8754017ce2d0
SHA1

329aba12584b4adc36a7fede61acb77d673b91bc
SHA256

d9b0db2aaa35019207d90db1ef5b69fcce515313c0104c3ac464de6f92dc2039
SHA512

31ed7de5f0a4112c0477fe20f2bdb443c5b40df4785c72c06998c814802a238dd7b379358ca070bc2bc13602f12e9038fb6f103cdbf97c7a91f77bda73e2720e
SSDEEP

3072:RSpv2E2zk5Z76iMFptQ6Ndyuuom2mhNfSqLikNYir1sD:RC28fJMFjnNdyuuom2mLxGkc

Score

10^/10

rat d6cd xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

d6cd

Decoy

fatmerlion.com

gpo777.com

pacpointfg.com

s3k9r3de.com

jakitrade.com

tmsweets.biz

goodfoodsme.com

teddydefi.com

banahinvestments.com

kuvinziarno.quest

gma-bea10.com

onepotato.xyz

olympusconstructioncompany.com

amvids.info

tmc.wiki

swiftlybliss.com

provopreserve.com

rsvprose.com

staffremotely.com

diversifiedcontractingla.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d9b0db2aaa35019207d90db1ef5b69fcce515313c0104c3ac464de6f92dc2039

Files

JaffaCakes118_d9b0db2aaa35019207d90db1ef5b69fcce515313c0104c3ac464de6f92dc2039
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB