xloader | 1512-62-0x0000000000400000-0x000000000042C000-memory[.]dmp

General

Target

1512-62-0x0000000000400000-0x000000000042C000-memory.dmp
Size

176KB
MD5

76976385be1d3ea8042ace18a61be08d
SHA1

ed3fb6f548c521d3d8ac40889c21995cacd32066
SHA256

2562137669f6c512150530c30a36cc1f080b4ae04c13fc1287daefe975992603
SHA512

40f459ff6b62cdfa81dbde3a6b8e0059b8b10cccb3d147ad8b4ff162c82157946892841cc2b2958a81218df9bf6b331c84524a2a58efa1c9aa8c330ee33e26fb
SSDEEP

3072:U5HNOiitxcUFTTmB4sWE0fHmyJNdDOK3gOqLhjAic2rZ6bkDdvBrd74kdTdmi:uHN4UUNe47menqK3H6hjAicGwgNtzxd7

Score

10^/10

rat 8gsr xloader

Malware Config

Extracted

Family

xloader

Version

2.8

Campaign

8gsr

Decoy

VyDsQ83LSV2wKF9MLVE6kQ==

OkD8HnkKFIEHj54=

/bcOW0Qo+FjTW4ZkLTHdq1Pu

PfRVb9F/hkYiH0xKLVE6kQ==

myDHBZGBxrGutuPQiD5l5XctSTuwRMTMeQ==

CdSdPxza63Va

oJB3xynee8cwt/7PeuzqRecIwRIpaUj+

4oz8RTo9CqN9dIJV7mQERqaU6Q==

VCHgRnRptb0lVq9/HA==

WPhXd9+InFXlmsyBGU0C/l3mid4=

VfNXj6b1M2Nlfw==

3ahpvLZ5NrWMn9nRsenaRNac6A==

ONxGlHZ7Cmk9YpNgBMP2bvzI2gpUow==

2szaN0kGuTIHKVQ6zFEvyOx94Q==

kE3/qpVWnktD

FxkUbN+Mlj0oR1hB9XFkvEo3q7U6V2g=

Evq+Xz89r289YJpq

0pDk+aGSEy3ocod0

LONItNKVn0pB

bExB9NPRGH/XL7SLO7OsRqaU6Q==

Signatures

Xloader family
xloader
Xloader payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader

resource	yara_rule
sample	xloader

Files

1512-62-0x0000000000400000-0x000000000042C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 169KB - Virtual size: 169KB

.text
Size: 169KB - Virtual size: 169KB