xloader | 220-242-0x0000000010410000-0x0000000010439000-memory[.]dmp

General

Target

220-242-0x0000000010410000-0x0000000010439000-memory.dmp
Size

164KB
MD5

83cb774c0c62690f5b9c1b4498d99014
SHA1

da612f045aadfef6031cf5199ab18a163e344db3
SHA256

d3f4b8fa13bb76cacee63d5cc3b6a9445cd7ff31c920974f756ed8544ace0d94
SHA512

02c3cd796bc03b31131b872b8580937983f380ec56a61411c3ff64d9135cf39fff320144f183dc8ad14f36839b152e66072042336ef412b817a382b8cbc04a34
SSDEEP

3072:QTpfE220vyTdHGM/pvANOhY97Aeiz08wqxRFcaHxE:QtpimM/hMIY97A1z08bzrG

Score

10^/10

rat euv4 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

220-242-0x0000000010410000-0x0000000010439000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB