Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f9bc09e4b5b782ff1b0cb564bd217b31c79e0ca253c136b7f5e4744460b2bb9

  • Size

    552KB

  • Sample

    220110-hx7s3aecdm

  • MD5

    175f006164182d3a95bf61ea207b7944

  • SHA1

    e6586c82b4f92784edbf7640a63c0425dc51705b

  • SHA256

    5f9bc09e4b5b782ff1b0cb564bd217b31c79e0ca253c136b7f5e4744460b2bb9

  • SHA512

    6266b69aae421079890fb7f189a0c913af5a42a2fdf91b6189fa6e394f4272d00a5114aa7888012d14049e78db70f48fd1f51d883a9cbbedfcdbe3ea217576c0

Score
10/10
xloaderpnugloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Targets

    • Target

      5f9bc09e4b5b782ff1b0cb564bd217b31c79e0ca253c136b7f5e4744460b2bb9

    • Size

      552KB

    • MD5

      175f006164182d3a95bf61ea207b7944

    • SHA1

      e6586c82b4f92784edbf7640a63c0425dc51705b

    • SHA256

      5f9bc09e4b5b782ff1b0cb564bd217b31c79e0ca253c136b7f5e4744460b2bb9

    • SHA512

      6266b69aae421079890fb7f189a0c913af5a42a2fdf91b6189fa6e394f4272d00a5114aa7888012d14049e78db70f48fd1f51d883a9cbbedfcdbe3ea217576c0

    Score
    10/10
    xloaderpnugloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks