General

  • Target

    4dc95a3bcf000bee17c567dcb6047c2e523641ad704f6e677421e817440c51f4

  • Size

    50KB

  • Sample

    211008-vna4ysefh6

  • MD5

    9d95cf845f980370aec4ab7a815f1803

  • SHA1

    a21b5d35b87a3ca35dbf313689d720c07903c9e7

  • SHA256

    4dc95a3bcf000bee17c567dcb6047c2e523641ad704f6e677421e817440c51f4

  • SHA512

    1607ac27b7cf4c033f6b24e618939ab8a635fb44eb3801fd079494590b44ccb3720271456e6d3fd6e37f74d02128923c4bd8bb1580dbe5051547bd2dac98d0d6

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mexq

C2

http://www.aliexpress-br.com/mexq/

Decoy

cyebang.com

hcswwsz.com

50003008.com

yfly624.xyz

trungtamhohap.xyz

sotlbb.com

bizhan69.com

brandmty.net

fucibou.xyz

orderinformantmailer.store

nobleminers.com

divinevoid.com

quickappraisal.net

adventuretravelsworld.com

ashainitiativemp.com

ikkbs-a02.com

rd26x.com

goraeda.com

abbastanza.info

andypartridge.photography
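
The extracted config above is what makes this report actionable: XLoader (Formbook) beacons to the real C2 under the campaign path and also sends traffic to the decoy domains, so a proxy-log hit on a decoy alone means only that a host may be infected, while a hit on the C2 domain with the `/mexq/` path is the high-confidence indicator. The following Python is an added example, not part of the sandbox report: it loads the config values listed above into a dictionary and classifies URLs from a few constructed proxy-log lines (the log format, timestamps and source IPs are assumptions).

```python
"""Match proxy-log URLs against the XLoader config extracted in this report.

Added example: the config values are copied from the report; the log format
and the sample log lines below are constructed for illustration.
"""
import re
from typing import Optional

from urllib.parse import urlparse

# Values copied from the "Malware Config" section of the report.
XLOADER_CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "mexq",
    "c2": "http://www.aliexpress-br.com/mexq/",
    "decoys": [
        "cyebang.com", "hcswwsz.com", "50003008.com", "yfly624.xyz",
        "trungtamhohap.xyz", "sotlbb.com", "bizhan69.com", "brandmty.net",
        "fucibou.xyz", "orderinformantmailer.store", "nobleminers.com",
        "divinevoid.com", "quickappraisal.net", "adventuretravelsworld.com",
        "ashainitiativemp.com", "ikkbs-a02.com", "rd26x.com", "goraeda.com",
        "abbastanza.info", "andypartridge.photography",
    ],
}


def _registered(host: str) -> str:
    """Normalise a hostname so www.example.com and example.com compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_url(url: str, cfg: dict = XLOADER_CONFIG) -> Optional[str]:
    """Return 'c2', 'c2_domain', 'decoy' or None for one URL.

    'c2'        host is the C2 domain and the path sits under the campaign path
    'c2_domain' host is the C2 domain but the path is not the campaign path
    'decoy'     host is one of the decoy domains from the config (low confidence:
                the malware contacts these too, but the sites themselves are not hostile)
    """
    parsed = urlparse(url)
    host = _registered(parsed.hostname or "")
    c2 = urlparse(cfg["c2"])
    if host == _registered(c2.hostname or ""):
        return "c2" if parsed.path.startswith(c2.path) else "c2_domain"
    if any(host == _registered(d) for d in cfg["decoys"]):
        return "decoy"
    return None


# Assumed log layout (constructed): "<timestamp> <src_ip> <method> <url>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

SAMPLE_LOG = [  # constructed sample input
    "2021-10-08T12:00:01Z 10.0.0.15 GET http://www.aliexpress-br.com/mexq/?id=123",
    "2021-10-08T12:00:02Z 10.0.0.15 POST http://www.cyebang.com/mexq/",
    "2021-10-08T12:00:03Z 10.0.0.22 GET http://www.example.com/index.html",
    "2021-10-08T12:00:04Z 10.0.0.15 GET http://aliexpress-br.com/about/",
]


def scan_proxy_log(lines, cfg: dict = XLOADER_CONFIG):
    """Return one hit record per log line whose URL matches the config."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        verdict = classify_url(m["url"], cfg)
        if verdict:
            hits.append({"ts": m["ts"], "src": m["src"], "verdict": verdict, "url": m["url"]})
    return hits


def summarize(hits):
    """Group verdicts by source IP: a host that hits the C2 path and decoys is the one to triage."""
    by_src = {}
    for h in hits:
        by_src.setdefault(h["src"], set()).add(h["verdict"])
    return by_src


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(h)
    print(summarize(found))
```

The decoy list is specific to this sample's config; other XLoader campaigns ship a different set, so re-extract before reusing the list elsewhere.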

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events, so an attached debugger loses control of it.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context (typically its instruction pointer) is a common step in process injection, where execution of a target process is redirected into an implanted payload.
