Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b32448dbeec13e1eb23e55a57ffc06f9dfc8fd44687e19fc0be1c4fbabc10abb

  • Size

    253KB

  • Sample

    210920-pe3vqaeag6

  • MD5

    dfbd95b518ecc9178415c3b24078c94f

  • SHA1

    6881c018ddf6fcbd775c92bb897967408f0f504a

  • SHA256

    b32448dbeec13e1eb23e55a57ffc06f9dfc8fd44687e19fc0be1c4fbabc10abb

  • SHA512

    981c786a7f8688574de78b1c722126456307e56d0ca6c22a1e06ff73dd9fcc13c94767caddcb61d0600e793cb9ef00b21f97e581949d194fbe00d65d7f2509db

Score
10/10
xloaderm0nploaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m0np

C2

http://www.devmedicalcentre.com/m0np/

Decoy

gruppovimar.com

seniordatingtv.com

pinpinyouqian.website

retreatreflectreplenish.com

baby-handmade.store

econsupplies.com

helloaustinpodcast.com

europe-lodging.com

ferahanaokulu.com

thehomeinspo.com

rawhoneytnpasumo6.xyz

tyckasei.quest

scissorsandbuffer.com

jatinvestmentsmaldives.com

softandcute.store

afuturemakerspromotions.online

leonsigntech.com

havetheshortscovered.com

cvkf.email

iplyyu.com

Targets

    • Target

      b32448dbeec13e1eb23e55a57ffc06f9dfc8fd44687e19fc0be1c4fbabc10abb

    • Size

      253KB

    • MD5

      dfbd95b518ecc9178415c3b24078c94f

    • SHA1

      6881c018ddf6fcbd775c92bb897967408f0f504a

    • SHA256

      b32448dbeec13e1eb23e55a57ffc06f9dfc8fd44687e19fc0be1c4fbabc10abb

    • SHA512

      981c786a7f8688574de78b1c722126456307e56d0ca6c22a1e06ff73dd9fcc13c94767caddcb61d0600e793cb9ef00b21f97e581949d194fbe00d65d7f2509db

    Score
    10/10
    xloaderm0nploaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks