xloader | 1324-62-0x0000000000400000-0x0000000000428000-memory[.]dmp

General

Target

1324-62-0x0000000000400000-0x0000000000428000-memory.dmp
Size

160KB
MD5

7130abe8b9e7dcea815c81ba8d5e629f
SHA1

c155c4ee14f91f5ac61c4089d59b7ac18a88f8ab
SHA256

2a94116a769e006b759819f5d592073dd27d4726b38076a550557a9a5dfb5bc5
SHA512

f39d00fde2655b62f529b25fca5a00f15b24a233df70d5bb646483cb1eb959e3b644578c8451401fbe76511d2dcb13dfaa4934677a32e193f075e79967ffcaee
SSDEEP

3072:rBksv0vAsrcUJUoPHi9Umct28fqDOvddNYfYy0UORE0LX24uX15REoF:Sv5uoPCyf286OvddNOkm4SzRZF

Score

10^/10

rat ugk8 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ugk8

Decoy

okrmeritacademy.com

loseclick.com

geometryoutspoken.life

crimean-legend.online

thatshiphassunk.com

thelandsmithandco.com

cosmic-awakening.com

alterdrafts.com

safercheckin.com

trevorgray.art

thetracerpro.com

fuckyoucarsonblock.com

nan-ala-la.com

gurumyles.com

paccospizza.com

manggonfah.com

cakepiping.com

culturenails.com

on6energybooster.com

212designs.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Files

1324-62-0x0000000000400000-0x0000000000428000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 155KB

.text
Size: 156KB - Virtual size: 155KB