Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

  • Size

    569KB

  • Sample

    211014-f6nqfagcd5

  • MD5

    d369781ed2d0848e769bd4e466318920

  • SHA1

    4808ca1792f13e061bf29b055ae83a5edaf18e3b

  • SHA256

    5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

  • SHA512

    5a83149de7eba4f736719892025eda984cfe40069e9b8916a4f44338d8c34d9e9346a24f05e2f8c0b67d2d4183ba0f4ea17dd322c1095844412bce329c233688

Score
10/10
xloaderef6cloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

C2

http://www.fis.photos/ef6c/

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz

Targets

    • Target

      5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

    • Size

      569KB

    • MD5

      d369781ed2d0848e769bd4e466318920

    • SHA1

      4808ca1792f13e061bf29b055ae83a5edaf18e3b

    • SHA256

      5a1261b8c98d7ec6edfe8e470f857336557c6ed317822117dece6012306f170d

    • SHA512

      5a83149de7eba4f736719892025eda984cfe40069e9b8916a4f44338d8c34d9e9346a24f05e2f8c0b67d2d4183ba0f4ea17dd322c1095844412bce329c233688

    Score
    10/10
    xloaderef6cloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks