Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a95ac711537aeb1c93c61e541077005f5226e4150c2669742d1b612cfc25788

  • Size

    249KB

  • Sample

    210921-dvletsfhe9

  • MD5

    4a1f2305b60236d5c00c871a92a9a693

  • SHA1

    ca9c84820c9960d0c294e684be2acb11736ccfd1

  • SHA256

    8a95ac711537aeb1c93c61e541077005f5226e4150c2669742d1b612cfc25788

  • SHA512

    43846983e68ce4eba961ea7bfc3d1816da756c411e27aac47d7bd38e15b05271bb51d768f5c2a1d70d883f35ce3297b768df51223b7eb536c4e700bc6b6a3811

Score
10/10
xloaderm0nploaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m0np

C2

http://www.devmedicalcentre.com/m0np/

Decoy

gruppovimar.com

seniordatingtv.com

pinpinyouqian.website

retreatreflectreplenish.com

baby-handmade.store

econsupplies.com

helloaustinpodcast.com

europe-lodging.com

ferahanaokulu.com

thehomeinspo.com

rawhoneytnpasumo6.xyz

tyckasei.quest

scissorsandbuffer.com

jatinvestmentsmaldives.com

softandcute.store

afuturemakerspromotions.online

leonsigntech.com

havetheshortscovered.com

cvkf.email

iplyyu.com

Targets

    • Target

      8a95ac711537aeb1c93c61e541077005f5226e4150c2669742d1b612cfc25788

    • Size

      249KB

    • MD5

      4a1f2305b60236d5c00c871a92a9a693

    • SHA1

      ca9c84820c9960d0c294e684be2acb11736ccfd1

    • SHA256

      8a95ac711537aeb1c93c61e541077005f5226e4150c2669742d1b612cfc25788

    • SHA512

      43846983e68ce4eba961ea7bfc3d1816da756c411e27aac47d7bd38e15b05271bb51d768f5c2a1d70d883f35ce3297b768df51223b7eb536c4e700bc6b6a3811

    Score
    10/10
    xloaderm0nploaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks