General

  • Target

    17ed64707506c917be6329e1cbe94548d761d218dc8e2d624eab99565acc055d

  • Size

    324KB

  • Sample

    211026-mkkvzshbf9

  • MD5

    e54e7ec5aa72f4d5bb128553728fb209

  • SHA1

    75def864c40663258f582b8dd8cbad3905f74c56

  • SHA256

    17ed64707506c917be6329e1cbe94548d761d218dc8e2d624eab99565acc055d

  • SHA512

    f8c54bb005d5e1b443a03606580fc2c73a70bc6c97f76c1c42237c9cab119b7e25839031239bdf4653f101a2408860eeaade2c861c36ccfa53bc8c75ae36d473

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest
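The config above gives the pieces an analyst needs for hunting: the real C2 is `www.heser.net` with the campaign string `euzn` as the URL path, and the decoy list holds the other domains the bot contacts to hide the real C2 among ordinary traffic. The script below is an added example, not the sandbox vendor's code. It expands the extracted values into the full set of `http://<host>/euzn/` beacon URLs and then matches them against constructed Squid-style proxy log lines. It assumes, as Formbook/XLoader samples are generally observed to do, that the decoy domains receive the same campaign path as the real C2; the log lines and client addresses are made up for the example.

```python
"""Turn the extracted XLoader config above into hunting IOCs and run them
over proxy log lines.  Added example; not code from the sandbox vendor."""
from urllib.parse import urlsplit

# Copied from the "Malware Config / Extracted" section of the report.
CONFIG = {
    "family": "xloader",
    "version": "2.5",
    "campaign": "euzn",
    "c2": "http://www.heser.net/euzn/",
    "decoy": [
        "235296tyc.com", "gold12guide.art", "baibuaherb.com", "weberwines.tax",
        "chezvitoria.com", "aidenb.tech", "pitchdeckservice.com",
        "surgeryforfdf.xyz", "workunvaccinated.com", "hrtaro.com",
        "yourotcs.com", "sonimultispecialityclinic.com",
        "consultantadvisors.com", "pentesting-consulting.com",
        "dantechs.digital", "longshifa.online", "taweilai.net",
        "imyusuke.com", "cashndashfinancial.com", "fasiglimt.quest",
    ],
}


def campaign_path(cfg):
    """Path segment the bot beacons to, taken from the C2 URL and cross-checked
    against the 'campaign' field (they must agree, or the config is corrupt)."""
    path = urlsplit(cfg["c2"]).path
    if path.strip("/") != cfg["campaign"]:
        raise ValueError(f"campaign {cfg['campaign']!r} != C2 path {path!r}")
    return path


def candidate_urls(cfg):
    """Every '<host>/<campaign>/' URL the sample may request.  Assumption from
    the lead-in: decoy domains get the same beacon path as the real C2, so
    the decoys are expanded exactly like the C2 host."""
    hosts = [urlsplit(cfg["c2"]).hostname, *cfg["decoy"]]
    return [f"http://{h}{campaign_path(cfg)}" for h in hosts]


# Constructed Squid-style access.log lines (not real traffic).
SAMPLE_LOG = """\
1635260000.101    245 10.0.0.17 TCP_MISS/200 512 GET http://www.heser.net/euzn/?s8=ZXVhbg== - HIER_DIRECT/203.0.113.5 text/html
1635260001.202     90 10.0.0.17 TCP_MISS/200 1024 GET http://baibuaherb.com/ - HIER_DIRECT/203.0.113.6 text/html
1635260002.303    130 10.0.0.17 TCP_MISS/404 300 POST http://baibuaherb.com/euzn/ - HIER_DIRECT/203.0.113.6 text/html
1635260003.404     60 10.0.0.23 TCP_HIT/200 2048 GET http://www.example.com/euzn/ - NONE/- text/html
"""


def hunt(log_text, cfg):
    """Return (client, method, url) for requests whose host is in the config
    AND whose path starts with the campaign path.  Host alone is not enough:
    decoy domains are mostly ordinary sites, so the plain GET to
    baibuaherb.com above is ignored, and so is the campaign path on a host
    that is not in the config."""
    hosts = {urlsplit(cfg["c2"]).hostname, *cfg["decoy"]}
    path = campaign_path(cfg)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        client, method, url = fields[2], fields[5], fields[6]
        parts = urlsplit(url)
        if parts.hostname in hosts and parts.path.startswith(path):
            hits.append((client, method, url))
    return hits


if __name__ == "__main__":
    for url in candidate_urls(CONFIG):
        print(url)
    for hit in hunt(SAMPLE_LOG, CONFIG):
        print("HIT", *hit)
```

The match key is host plus campaign path, not host alone: blocking or alerting on the twenty decoy domains by themselves produces false positives on legitimate sites, while the `/euzn/` path on any of the twenty-one hosts is specific to this campaign. Both the GET beacon with its query string and the POST to the same path are caught, since only the path prefix is compared.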

Targets

    • Target

      17ed64707506c917be6329e1cbe94548d761d218dc8e2d624eab99565acc055d

    • Size

      324KB

    • MD5

      e54e7ec5aa72f4d5bb128553728fb209

    • SHA1

      75def864c40663258f582b8dd8cbad3905f74c56

    • SHA256

      17ed64707506c917be6329e1cbe94548d761d218dc8e2d624eab99565acc055d

    • SHA512

      f8c54bb005d5e1b443a03606580fc2c73a70bc6c97f76c1c42237c9cab119b7e25839031239bdf4653f101a2408860eeaade2c861c36ccfa53bc8c75ae36d473

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
