xloader | 2896-292-0x0000000050410000-0x000000005043B000-memory[.]dmp

General

Target

2896-292-0x0000000050410000-0x000000005043B000-memory.dmp
Size

172KB
MD5

aba9184b29a7ee34e19e1a7f73bb8b79
SHA1

bc597bbeab6f46b72b53828a6c0a94e33df374f0
SHA256

8656d6d52b8eabd647a0f1c7e1a5a6107aff3ec8f211b3416d98f37929b412f6
SHA512

10a7209696189beb87f90726f0e51d491ad8e7fda0cf558f593a88e8a89311d411bbac2261cb46e4e45bbc19a0209db52feb45c06796c9e4b385d11857458d69
SSDEEP

3072:YyBTloLdN+pcW0w/ZBmWs81zQUQsolaoJN4N/57Xg8ryHu:Yyc5NyN/ZBx1zEdYoJN4N/dXgoyHu

Score

10^/10

rat uj3c xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

2896-292-0x0000000050410000-0x000000005043B000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB