Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e86bb6d494e6720f0eaecd5a18c8e7c55324a1a301c5111f98a94d82fe295574

  • Size

    438KB

  • Sample

    211106-lnwwzsbddn

  • MD5

    5917d602f423946e08474241e6a731a7

  • SHA1

    3cebe4b56204cee8b1eb168840bccf439f2d09b0

  • SHA256

    e86bb6d494e6720f0eaecd5a18c8e7c55324a1a301c5111f98a94d82fe295574

  • SHA512

    5ec95638d00578cf4c1b4e0be6ffb08f78af0419efea4eef3fab686fa637db3b2e836af6ab63f36aa33f7b2df78c5a22dab02fff6ae346831f81af590a11f947

Score
10/10
xloadernohaloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

noha

C2

http://www.mglracing.com/noha/

Decoy

iphone13promax.support

trailer-racks.xyz

overseaspoolservice.com

r2d2u.com

dawajeju.com

nextgenproxyvote.com

xn--vhqp8mm8dbtz.group

commonsenserisk.com

cmcqgxtyd.com

data2form.com

bois-applique.com

originallollipop.com

lj0008lj.net

spfldvaccineday.info

phalcosnusa.com

llcmastermachine.com

onlyforu14.rest

bestmarketingautomations.com

officialswitchmusic.com

thepretenseofjustice.com

Targets

    • Target

      e86bb6d494e6720f0eaecd5a18c8e7c55324a1a301c5111f98a94d82fe295574

    • Size

      438KB

    • MD5

      5917d602f423946e08474241e6a731a7

    • SHA1

      3cebe4b56204cee8b1eb168840bccf439f2d09b0

    • SHA256

      e86bb6d494e6720f0eaecd5a18c8e7c55324a1a301c5111f98a94d82fe295574

    • SHA512

      5ec95638d00578cf4c1b4e0be6ffb08f78af0419efea4eef3fab686fa637db3b2e836af6ab63f36aa33f7b2df78c5a22dab02fff6ae346831f81af590a11f947

    Score
    10/10
    xloadernohaloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks