General

  • Target

    06590d9c81caf0a4855c2a31c7bbe55a4646ffcb24cb165278e0495b3cf8a250

  • Size

    1.3MB

  • Sample

    211206-nv7yyaggg4

  • MD5

    8bc4cfe5461872b3ed2dc7b97d723649

  • SHA1

    66914ff967f707edd08ec7514a6e15031948cba2

  • SHA256

    06590d9c81caf0a4855c2a31c7bbe55a4646ffcb24cb165278e0495b3cf8a250

  • SHA512

    d42d6364f88be5686dcbad41263d66e5ef1de4b5c19650b62ed39c3cb47bd5e024e3b02ee386c90f699a56ead6ecd2f4ff38e5cc0c86234ea9f7e5b7f1f56968

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

mwev

C2

http://www.scion-go-getter.com/mwev/

Decoy

9linefarms.com

meadow-spring.com

texascountrycharts.com

chinatowndeliver.com

grindsword.com

thegurusigavebirthto.com

rip-online.com

lm-safe-keepingtoyof6.xyz

plumbtechconsulting.com

jgoerlach.com

inbloomsolutions.com

foxandmew.com

tikomobile.store

waybunch.com

thepatriottutor.com

qask.top

pharmacylinked.com

ishii-miona.com

sugarandrocks.com

anabolenpower.net

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
