General

  • Target

    eed781a42769761d30787cecd662c5b6ba70589724a456d09ae008e1bd68835f

  • Size

    375KB

  • Sample

    211029-1hykysebg3

  • MD5

    1463a8e3cbd8b63c709495a91ff95506

  • SHA1

    d9840f1e6c9e94f6ec2f55703e2dfdd49598f89c

  • SHA256

    eed781a42769761d30787cecd662c5b6ba70589724a456d09ae008e1bd68835f

  • SHA512

    924e9444779ac3e9be6196bd58f2cef4aae3f2230694fe1ad0777efe079c324b072a1e98f0bb1ca077f099739c21057f1fe53c3950384291116c742aade445a9

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext