xloader | 1340-59-0x0000000000400000-0x000000000042B000-memory[.]dmp

General

Target

1340-59-0x0000000000400000-0x000000000042B000-memory.dmp
Size

172KB
MD5

834f5c6f32052fe3a63179e4902ea42c
SHA1

e0ab4543cd4ce2b280c351fa80b22ccfb841b0e9
SHA256

102603789a44288fe4f55633978e283f2ad7dd77b6648f9556506f2079a5c33b
SHA512

d66db277736ec764da1426ff7ab2070f751af2763ca6edff5834cf0f26acf6fc45bb9ef13bd66bba26c958771de46e4aa6f509b2272c5694f23b641c84f84f1d
SSDEEP

3072:Nu+Tho89teE5A3LBmWTr1vxU+5xfh2W5WbS9v5qqyCv1KoSJDAtg:Nu98rG3LBv1v3BAW5ASvqpCd1OAy

Score

10^/10

rat be4o xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

be4o

Decoy

laboratoriobioixcha.com

tictocperushop.online

wild-oceans.com

belaruscountry.com

kicktmall.com

fitcoinweb.tech

mores.one

gogear.one

gxrcksy.com

samrcq.com

impossible-icecream.com

bravesxx.com

bookchainart.com

sleepsolutionsofmboro.com

ocbrazilbusinessclub.com

advisor76.xyz

xitaotech.com

mgsdtytifgf3414.xyz

johnson-brown.net

cr3drt.com

Signatures

Xloader Payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Xloader family
xloader

resource	yara_rule
sample	xloader

Files

1340-59-0x0000000000400000-0x000000000042B000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB