Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a74ef2c500149b6791283540e388a5fb9b037287c2a9274131d86d352ff26e2a

  • Size

    396KB

  • Sample

    211122-rn3mesafh5

  • MD5

    20ffcf0254ddf88f9a59b91ae3b77ba8

  • SHA1

    e79cc05f1bc41a9a6c9323aa1c25b007a937a549

  • SHA256

    a74ef2c500149b6791283540e388a5fb9b037287c2a9274131d86d352ff26e2a

  • SHA512

    63cd1acca0d601577d6c26e55a71a4e2fe5804de374fed5fd822c61bd4727500d46e0985efbff073825a6f928b3750350895143003c8faa3eb472c22a000c195

Score
10/10
xloadernohaloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

noha

C2

http://www.mglracing.com/noha/

Decoy

iphone13promax.support

trailer-racks.xyz

overseaspoolservice.com

r2d2u.com

dawajeju.com

nextgenproxyvote.com

xn--vhqp8mm8dbtz.group

commonsenserisk.com

cmcqgxtyd.com

data2form.com

bois-applique.com

originallollipop.com

lj0008lj.net

spfldvaccineday.info

phalcosnusa.com

llcmastermachine.com

onlyforu14.rest

bestmarketingautomations.com

officialswitchmusic.com

thepretenseofjustice.com

Targets

    • Target

      a74ef2c500149b6791283540e388a5fb9b037287c2a9274131d86d352ff26e2a

    • Size

      396KB

    • MD5

      20ffcf0254ddf88f9a59b91ae3b77ba8

    • SHA1

      e79cc05f1bc41a9a6c9323aa1c25b007a937a549

    • SHA256

      a74ef2c500149b6791283540e388a5fb9b037287c2a9274131d86d352ff26e2a

    • SHA512

      63cd1acca0d601577d6c26e55a71a4e2fe5804de374fed5fd822c61bd4727500d46e0985efbff073825a6f928b3750350895143003c8faa3eb472c22a000c195

    Score
    10/10
    xloadernohaloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks