Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e777ad1dca2df7e7c9b06832349f82e10af2259f68b0f855b10899fae8a29e7a

  • Size

    256KB

  • Sample

    210923-wxpjdafac3

  • MD5

    5ca262d947bc9ae36f5adcc8e29d170d

  • SHA1

    d2a942058386c631b7f53a055768a6ac9852d1af

  • SHA256

    e777ad1dca2df7e7c9b06832349f82e10af2259f68b0f855b10899fae8a29e7a

  • SHA512

    8fc417879c493879514cea3bc936c9a817568a35eccb7b7766f83a6327eb1a97ab5904af76ee7e393d6529f158f279d56410079faa8188e45bcab714bb384055

Score
10/10
xloaderm0nploaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m0np

C2

http://www.devmedicalcentre.com/m0np/

Decoy

gruppovimar.com

seniordatingtv.com

pinpinyouqian.website

retreatreflectreplenish.com

baby-handmade.store

econsupplies.com

helloaustinpodcast.com

europe-lodging.com

ferahanaokulu.com

thehomeinspo.com

rawhoneytnpasumo6.xyz

tyckasei.quest

scissorsandbuffer.com

jatinvestmentsmaldives.com

softandcute.store

afuturemakerspromotions.online

leonsigntech.com

havetheshortscovered.com

cvkf.email

iplyyu.com

Targets

    • Target

      e777ad1dca2df7e7c9b06832349f82e10af2259f68b0f855b10899fae8a29e7a

    • Size

      256KB

    • MD5

      5ca262d947bc9ae36f5adcc8e29d170d

    • SHA1

      d2a942058386c631b7f53a055768a6ac9852d1af

    • SHA256

      e777ad1dca2df7e7c9b06832349f82e10af2259f68b0f855b10899fae8a29e7a

    • SHA512

      8fc417879c493879514cea3bc936c9a817568a35eccb7b7766f83a6327eb1a97ab5904af76ee7e393d6529f158f279d56410079faa8188e45bcab714bb384055

    Score
    10/10
    xloaderm0nploaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks