General

  • Target: 1fae82dd43e0af0adf50dea57a3a609682ea8a604d67701448ab91d3193f4eb1

  • Size: 597KB

  • Sample: 211001-hvpvgabbcn

  • MD5: e1be4d5a120b60f3e06225f7e8bbccd2

  • SHA1: 488a278e74f451b661e59fda69473232669b89ee

  • SHA256: 1fae82dd43e0af0adf50dea57a3a609682ea8a604d67701448ab91d3193f4eb1

  • SHA512: c27a525c932ebd2d5597abad72aa80000cfab477abe9b96facb317a3d0aa68892ecadbff24242d15dc5cfa2fa2a05209401bd8b5cb83949e5f36c3b9f507d3d1

Score
10/10

Malware Config

Extracted

  • Family: xloader

  • Version: 2.5

  • Campaign: mjyv

  • C2: http://www.simpeltattofor.men/mjyv/

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
