xloader | 1900-134-0x0000000000400000-0x0000000000429000-memory[.]dmp

General

Target

1900-134-0x0000000000400000-0x0000000000429000-memory.dmp
Size

164KB
MD5

af5dad3a2c7090b6138fa0387a9d621f
SHA1

9820ae169e437e0f43c9271e00b8f8a58ecc4be7
SHA256

db19b1fc37285cbd2a792c3fe965ea7e7cb669c14d694f258ebc0717ba01c0dd
SHA512

612ec13accd94c8a41ce1b3b4675bbc2f4fcc58213478de72456ebf53ee9e5231a0bafaf01b41c985ad4ba9f871df9aaa9491b7e457f77426542a64a9966ae7d
SSDEEP

1536:HRvQJui1UNw2aXHSDlSX72T7+NyEXoo898ulyMrXD+YRHtgMcduBhPtO0/D8igJ:6JuAZ2amXap4yMrzXLcktjwiQAegUaw

Score

10^/10

rat zqzw xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

zqzw

Decoy

laurentmathieu.com

nohohonndana.com

hhmc.info

shophallows.com

blazebunk.com

goodbridge.xyz

flakycloud.com

bakermckenziegroups.com

formation-adistance.com

lovingearthbotanicals.com

tbrservice.plus

heritagehousehotels.com

drwbuildersco.com

lacsghb.com

wain3x.com

dadreview.club

continiutycp.com

cockgirls.com

48mpt.xyz

033skz.xyz

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

1900-134-0x0000000000400000-0x0000000000429000-memory.dmp
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB