Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6

  • Size

    794KB

  • Sample

    211014-pfxebsacbq

  • MD5

    f11ebc7e0b269ee17f61f7a4ab4ce9ec

  • SHA1

    eaed674ac16bfedaf34c8ef1005cbb236ee647f0

  • SHA256

    3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6

  • SHA512

    a418073ce2d9a6217e19849fa24c2b0d172caf1a6514bb63356b240e76b3ed4f9123cb3e102ff804126bdebd8614afb5c225552eadd7b756917118fb619497ea

Score
10/10
xloaderht08loaderpersistenceratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ht08

C2

http://www.septemberstockevent200.com/ht08/

Decoy

joye.club

istanbulemlakgalerisi.online

annikadaniel.love

oooci.com

curebase-test.com

swisstradecenter.com

hacticum.com

centercodebase.com

recbi56ni.com

mmj0115.xyz

sharpstead.com

sprklbeauty.com

progettogenesi.cloud

dolinum.com

amaroqadvisors.com

traininig.com

leewaysvcs.com

nashhomesearch.com

joy1263.com

serkanyamac.com

Targets

    • Target

      3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6

    • Size

      794KB

    • MD5

      f11ebc7e0b269ee17f61f7a4ab4ce9ec

    • SHA1

      eaed674ac16bfedaf34c8ef1005cbb236ee647f0

    • SHA256

      3490cb5fd9a372722f95ed69c41e23d5cd274ce6b3c024ec1731962a380409d6

    • SHA512

      a418073ce2d9a6217e19849fa24c2b0d172caf1a6514bb63356b240e76b3ed4f9123cb3e102ff804126bdebd8614afb5c225552eadd7b756917118fb619497ea

    Score
    10/10
    xloaderht08loaderpersistenceratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks