Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f64511b423d79682dfad8f6b516516d32e801f0031f07b7e3c6c19798a64b95

  • Size

    545KB

  • Sample

    220111-mw7twsfcd6

  • MD5

    886375fa6ecb64fa31dd20b8688216cc

  • SHA1

    5b23e5b6fbe5add5b7a891288c66ac2df05dd52a

  • SHA256

    4f64511b423d79682dfad8f6b516516d32e801f0031f07b7e3c6c19798a64b95

  • SHA512

    5a9065efc8ea242a3efb66e809de949e13f214660d1f79a66a86cfee32f966ae838b5fd6d34aacb7d82d4ebc8682f44364ba917b43d5770c3d7260a99c80a849

Score
10/10
xloaderpnugloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Targets

    • Target

      4f64511b423d79682dfad8f6b516516d32e801f0031f07b7e3c6c19798a64b95

    • Size

      545KB

    • MD5

      886375fa6ecb64fa31dd20b8688216cc

    • SHA1

      5b23e5b6fbe5add5b7a891288c66ac2df05dd52a

    • SHA256

      4f64511b423d79682dfad8f6b516516d32e801f0031f07b7e3c6c19798a64b95

    • SHA512

      5a9065efc8ea242a3efb66e809de949e13f214660d1f79a66a86cfee32f966ae838b5fd6d34aacb7d82d4ebc8682f44364ba917b43d5770c3d7260a99c80a849

    Score
    10/10
    xloaderpnugloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks