General

  • Target

    4fa90d4fa0908b71eab4b5639465fc8e8c8933ede1e56941b5f65175e62bd09b

  • Size

    437KB

  • Sample

    211112-qktdxadec9

  • MD5

    1fc555b7fcb6c2587e8a51c215f10dfe

  • SHA1

    7d8fecccd2bef2ff373f231032b6d3dcdbb04938

  • SHA256

    4fa90d4fa0908b71eab4b5639465fc8e8c8933ede1e56941b5f65175e62bd09b

  • SHA512

    a61ea67571838a8894cf76c7b069061debb78dbe5a58d6cdd2e837f6839306233481133ac0a8ef86fb9105232c9ff5ec992e2bb0bb4d036b1ae4e8690eef68de

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    noha

  • C2

    http://www.mglracing.com/noha/

  • Decoy


Targets

    • Target

      4fa90d4fa0908b71eab4b5639465fc8e8c8933ede1e56941b5f65175e62bd09b

    Score

    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks