General

  • Target

    92206b9fa1251b589ab6d14b4828cafe0ec9d9b44df469602b7d3d1ed16ae0e8

  • Size

    414KB

  • Sample

    211028-m4ywyscbh9

  • MD5

    ff1c94584214d5eef525a0d3ff196a8b

  • SHA1

    64841f419c3d8bff98b1ada134ecb8d63be07ec4

  • SHA256

    92206b9fa1251b589ab6d14b4828cafe0ec9d9b44df469602b7d3d1ed16ae0e8

  • SHA512

    9070de7cca07bde86414050f16a73f51c8573e07dca0e8cbac09c870d6f902890d1282dc6f9b1702feb059ad96938ca05dc466bd2004b2c2f670e60ad32f6daa

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwev

C2

http://www.scion-go-getter.com/mwev/

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
