xloader | 2952-331-0x0000000010410000-0x0000000010439000-memory[.]dmp

General

Target

2952-331-0x0000000010410000-0x0000000010439000-memory.dmp
Size

164KB
MD5

4e035e192cc2b1e4855ec1977b80f487
SHA1

73e73b5b67a4816f647dfe05cffebd689dcf4957
SHA256

17d86a06cc1925d088223656587f9912c0a00584dc6f51b26d58593a637d7928
SHA512

10a4261cf057294a6836b8db8ed9bb993f770ccfff4631d1bcc2fd24a74a38b79e19abdc0c06fa781f2972539ab03bc7221e83618051ae14e313ca0b1df4976f
SSDEEP

3072:QTpfE220vyTdHGM/pvANOhY97Aeiz08wqxRFcaHxE:QtpimM/hMIY97AVz08bzrG

Score

10^/10

rat euv4 xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

2952-331-0x0000000010410000-0x0000000010439000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB