xloader | 3116-294-0x0000000010410000-0x000000001043B000-memory[.]dmp

General

Target

3116-294-0x0000000010410000-0x000000001043B000-memory.dmp
Size

172KB
MD5

642b7a77d7f460fb03d4ecb87d7388ec
SHA1

e2835d16e8a5c1546a7d94b0b5525b7adb7497c6
SHA256

967c0bba69ab01fc81c5a77c7a75a6ea3d7ff52e6367a35c67da814f3237d1b5
SHA512

6e98e31b1e15c55a9a8fa3bd8df1344cc35fbf9706bd5743b46189303e1872fc88bf3329c3d04721787de3f5cc77ab9271d425375de7acdeee486f436e186e86
SSDEEP

3072:YyBTloLdN+pcW0w/ZBmWs81zQUQsolaoJN4NO57Xg8ryHu:Yyc5NyN/ZBx1zEdYoJN4NOdXgoyHu

Score

10^/10

rat uj3c xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

3116-294-0x0000000010410000-0x000000001043B000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB