Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbcdadd58c74c8536b737c3fcd91f009562181986c1f9d1a455934a2bcd37bf0

  • Size

    261KB

  • Sample

    210923-k5ajmsead3

  • MD5

    b79e41f3e6af86f8d7b20deadfd20096

  • SHA1

    abdbd24d56f66dff79be4d3ac28ddd87c233b9e8

  • SHA256

    fbcdadd58c74c8536b737c3fcd91f009562181986c1f9d1a455934a2bcd37bf0

  • SHA512

    c334e13fcf991ce6b8b40bd165fe69b55d1b9b1e56b1a9b16aee72a545b6513a861ba508d7f624504f89ca0cdcb659c8b1b09304824237be4c55ce867403aee7

Score
10/10
xloaderm0nploaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m0np

C2

http://www.devmedicalcentre.com/m0np/

Decoy

gruppovimar.com

seniordatingtv.com

pinpinyouqian.website

retreatreflectreplenish.com

baby-handmade.store

econsupplies.com

helloaustinpodcast.com

europe-lodging.com

ferahanaokulu.com

thehomeinspo.com

rawhoneytnpasumo6.xyz

tyckasei.quest

scissorsandbuffer.com

jatinvestmentsmaldives.com

softandcute.store

afuturemakerspromotions.online

leonsigntech.com

havetheshortscovered.com

cvkf.email

iplyyu.com

Targets

    • Target

      fbcdadd58c74c8536b737c3fcd91f009562181986c1f9d1a455934a2bcd37bf0

    • Size

      261KB

    • MD5

      b79e41f3e6af86f8d7b20deadfd20096

    • SHA1

      abdbd24d56f66dff79be4d3ac28ddd87c233b9e8

    • SHA256

      fbcdadd58c74c8536b737c3fcd91f009562181986c1f9d1a455934a2bcd37bf0

    • SHA512

      c334e13fcf991ce6b8b40bd165fe69b55d1b9b1e56b1a9b16aee72a545b6513a861ba508d7f624504f89ca0cdcb659c8b1b09304824237be4c55ce867403aee7

    Score
    10/10
    xloaderm0nploaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks