xloader | 704-62-0x0000000000400000-0x0000000000429000-memory[.]dmp

General

Target

704-62-0x0000000000400000-0x0000000000429000-memory.dmp
Size

164KB
MD5

54290f9c1cf30274b49a8498739141a2
SHA1

f0242c13102464acaa650bffdcfa4789940ed7f7
SHA256

358bf6a43ac07dee79f3f3bf026be3b37d9b6ffc4ffbbcd5142ecc1373cf0155
SHA512

74303538e11193359b42cff3d56479533479ed45f71163e0facd5fbe7b1c4772f477b164b10a8c0bd3caac94f90e6d625697738ff2422e7836efc4caaab3a810
SSDEEP

3072:1ufJojjgkRy7zScCcMJxWW2etsNso0b3aQuDuLY2Mm8bUBrw:1u6iacfMJkhSsNso0DajuLIPyc

Score

10^/10

rat c6si xloader

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

c6si

Decoy

tristateinc.construction

americanscaregroundstexas.com

kanimisoshiru.com

wihling.com

fishcheekstosa.com

parentsfuid.com

greenstandmarket.com

fc8fla8kzq.com

gametwist-83.club

jobsncvs.com

directrealtysells.com

avida2015.com

conceptasite.net

arkaneattire.com

indev-mobility.info

2160centurypark412.com

valefloor.com

septembership.com

stackflix.com

jimc0sales.net

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
704-62-0x0000000000400000-0x0000000000429000-memory.dmp

Files

704-62-0x0000000000400000-0x0000000000429000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 159KB - Virtual size: 158KB

.text
Size: 159KB - Virtual size: 158KB