xloader | 1932-63-0x0000000000400000-0x0000000000429000-memory[.]dmp

General

Target

1932-63-0x0000000000400000-0x0000000000429000-memory.dmp
Size

164KB
MD5

87e92fd765c4660771e4a70a396c5b6d
SHA1

f3c7af1ffef3fe22a176fd73ed865b5303c2ba27
SHA256

c9506fe4bd60abb409df70c0870b28a1aed8960284fd42e02d883ba887928aea
SHA512

cc8c079ff4429f82800557b158f4d8f7e643721d524a3e0c87bdd906cdaf1a0a7533716c626ef66bde4bb2b177e398746b7e0eedb4a8c28fa7f16a3c5fa24fb8

Score

10^/10

rat cbgo xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cbgo

Decoy

santesha.com

britneysbeautybar.com

sh-cy17.com

jeffcarveragency.com

3117111.com

sobrehosting.net

ddm123.xyz

toxcompliance.com

auditorydesigns.com

vliftfacial.com

ielhii.com

naameliss.com

ritualchariot.com

solchange.com

quatre-vingts.design

lawnmowermashine.com

braceletsstore.net

admappy.com

tollivercoltd.com

vaidix.com

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

1932-63-0x0000000000400000-0x0000000000429000-memory.dmp
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB