xloader | 924-385-0x0000000010410000-0x000000001043B000-memory[.]dmp

General

Target

924-385-0x0000000010410000-0x000000001043B000-memory.dmp
Size

172KB
MD5

c5d62b44fea0858a721b16d2159f6fec
SHA1

b403837f095341dea63b03e08aa7e3766530e95e
SHA256

96678af8f37503af7c3c5a1d174b65b819d399882561d04e14f101ea5ed5bc81
SHA512

eba72556c8d221c04de0e57a14b11be20d1d9c7e4d8b7c0c1cb9066b6e95903022618192263e30967581fc4e63508a4f472bc9540b04d29f9d35ef89a4cc3d68
SSDEEP

3072:YyBTloLdN+pcW0w/ZBmWs81zQUQsolaoJN4ND57Xg8ryHu:Yyc5NyN/ZBx1zEdYoJN4NDdXgoyHu

Score

10^/10

rat uj3c xloader

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Signatures

Xloader family
xloader
Xloader payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
924-385-0x0000000010410000-0x000000001043B000-memory.dmp

Files

924-385-0x0000000010410000-0x000000001043B000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 167KB - Virtual size: 166KB

.text
Size: 167KB - Virtual size: 166KB