General

  • Target

    945e623b814b647326ed96bc5be37010053fdc50f9dce11d96e408c22a8afd4a

  • Size

    816KB

  • Sample

    211117-sada2saabq

  • MD5

    c4839f9e9d80100927eb39678175bbe6

  • SHA1

    f88c6cf0e37bce13bf8317f86bbd3640d6badd4d

  • SHA256

    945e623b814b647326ed96bc5be37010053fdc50f9dce11d96e408c22a8afd4a

  • SHA512

    0166f4b2e46b183691b57715519c7176db7f61578001b4b2cba5e1173e562eb998ad2fa6cbfeddafe408df979b4805afe94bcec478cc4eddc6111046a0c6c073

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    mwev

  • C2

    http://www.scion-go-getter.com/mwev/

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks