xloader | 3372-242-0x0000000010410000-0x0000000010439000-memory[.]dmp

General

Target

3372-242-0x0000000010410000-0x0000000010439000-memory.dmp
Size

164KB
MD5

ec9ccf3a5034158ddfd6890808bb4cac
SHA1

4019ae0f4a945188a828a3d31ced8cce65cb84b4
SHA256

45080e15c62eab4e5662fef38ab36ebb0d7498874aef2b0503f645427f8d0cb9
SHA512

3723e2587aa66958b4efbbdfeb390ac9d376e3b196fe980a6e9381201ea0818d5f346c5d0c9292da9f4b685fb081ec0de41f5a623e4265356d94c7beaa477f1c
SSDEEP

3072:QTpfE220vyTdHGM/pvANOhY97AeJz08wqxRFcaHxE:QtpimM/hMIY97Aiz08bzrG

Score

10^/10

rat euv4 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

3372-242-0x0000000010410000-0x0000000010439000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB