Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31accabae2032a0fda8dd449182167521360e258df6ebd2316130399d910e990

  • Size

    260KB

  • Sample

    210928-begqlaace4

  • MD5

    fbaece4205ad6b13817946a0bdf13900

  • SHA1

    5a90df6971a60dc7f17bdd2f7ee35e041f3ee14b

  • SHA256

    31accabae2032a0fda8dd449182167521360e258df6ebd2316130399d910e990

  • SHA512

    3dea45a7d59261311cd4a27603b730e32dd29cb4679f762904c615aa09f2e099c536dd9892cda2de8714201411dc101e1dd73c3a76484127aa57bbca2e70751b

Score
10/10
xloaderm0nploaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

m0np

C2

http://www.devmedicalcentre.com/m0np/

Decoy

gruppovimar.com

seniordatingtv.com

pinpinyouqian.website

retreatreflectreplenish.com

baby-handmade.store

econsupplies.com

helloaustinpodcast.com

europe-lodging.com

ferahanaokulu.com

thehomeinspo.com

rawhoneytnpasumo6.xyz

tyckasei.quest

scissorsandbuffer.com

jatinvestmentsmaldives.com

softandcute.store

afuturemakerspromotions.online

leonsigntech.com

havetheshortscovered.com

cvkf.email

iplyyu.com

Targets

    • Target

      31accabae2032a0fda8dd449182167521360e258df6ebd2316130399d910e990

    • Size

      260KB

    • MD5

      fbaece4205ad6b13817946a0bdf13900

    • SHA1

      5a90df6971a60dc7f17bdd2f7ee35e041f3ee14b

    • SHA256

      31accabae2032a0fda8dd449182167521360e258df6ebd2316130399d910e990

    • SHA512

      3dea45a7d59261311cd4a27603b730e32dd29cb4679f762904c615aa09f2e099c536dd9892cda2de8714201411dc101e1dd73c3a76484127aa57bbca2e70751b

    Score
    10/10
    xloaderm0nploaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks