xloader | 1556-59-0x0000000000400000-0x0000000000429000-memory[.]dmp

General

Target

1556-59-0x0000000000400000-0x0000000000429000-memory.dmp
Size

164KB
MD5

dc26f912ddfbd375c3ab80c3be5fd50f
SHA1

7f26154d452f0bb2ed065481ae3a23d1aa98173e
SHA256

bcd367e23b9e5f2aab667e9298ce649a7922c6fba753253f295cf3d2bfd677a6
SHA512

034504f5fad9b32f021265ecbfa87861eb18957a930f28a08a4fc8a50c286227d30c8b4343769137c0f31f309c3b65d92e363713b4488a2e227d57caef1b08ae
SSDEEP

3072:q5pGMu2UDZFyBESMfTtSg0tw9rWJzEcYC3Jua3OOOpgNHbYWYJ:qiT0XMfpj0tw9rW9Ei5j3d9Yn

Score

10^/10

rat be4o xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

be4o

Decoy

neonewway.club

kuanghong.club

7bkj.com

ooo-club.com

kamchatka-agency.com

sjsndtvitzru.mobi

noireimpactcollective.net

justbe-event.com

easypeasy.community

southcoast.glass

janhenningsen.com

jmxyjj.com

tarihibilet.com

nagradi7.com

percentrostered.net

certvaxid.com

kingseafoodsydney.com

blacksheepwalk.com

waktuk.com

inteligenciaenrefrigeracion.com

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

1556-59-0x0000000000400000-0x0000000000429000-memory.dmp
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB