xloader | 1028-75-0x0000000000400000-0x000000000042B000-memory[.]dmp

General

Target

1028-75-0x0000000000400000-0x000000000042B000-memory.dmp
Size

172KB
MD5

8e9ee5c521e6a210832af71bfbdba8a7
SHA1

da017d3ef9f16424612267c4b21c646f8a809740
SHA256

1fa17f6996cc7efdabe3099d0543ec457cff4f54d246c089d6d7dd8e72eee1c9
SHA512

986544dc4ca7766f9bfed0e49376ed62b789ad7075df0194639de9200b8641aecabbb965917a1d35cc5faff7a3f4d203431e88c9dedd57f6230a60a96a42786d
SSDEEP

3072:OMBmTdohDk0YLE8osWIzs3LUORmddxkXfrgp8KFSI7QF9MUVm6tOMx:Oc5hDZgoYs3odzMDgpNFSEQF6UVmWOk

Score

10^/10

rat arh2 xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

arh2

Decoy

hstorc.com

blackountry.com

dhrbakery.com

dezhouofit.com

defipayout.xyz

ginas4t.com

byzbh63.xyz

qrcrashview.com

mialibaby.com

enhaut.net

samainnova.com

yashveerresort.com

delfos.online

dungcumay.com

lj-counseling.net

fliptheswitch.pro

padogbitelawyer.com

aticarev.com

sederino.site

bestplansforpets-japan3.life

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

1028-75-0x0000000000400000-0x000000000042B000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB