General

  • Target

    dbeea7b74c941b6b567e7f12fa575d8b09650116bfb583604d6c50991cf351ba

  • Size

    370KB

  • Sample

    220112-m7emgscda4

  • MD5

    0ae572452cbd392f8507184620811203

  • SHA1

    3d01d532981417ea736449f3894352dd7f50d610

  • SHA256

    dbeea7b74c941b6b567e7f12fa575d8b09650116bfb583604d6c50991cf351ba

  • SHA512

    eb1a612a77edca89de192a71402aac87b75a716366da040aaf65ef7e707c09630734b5a3ac2a3e5bb0031b0988ce9e423c556243b93763a1b6fcd6d01d976dfc

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ef6c

Decoy

gicaredocs.com

govusergroup.com

conversationspit.com

brondairy.com

rjtherealest.com

xn--9m1bq8wgkag3rjvb.com

mylori.net

softandcute.store

ahljsm.com

shacksolid.com

weekendmusecollection.com

gaminghallarna.net

pgonline111.online

44mpt.xyz

ambrandt.com

eddytattoo.com

blendeqes.com

upinmyfeels.com

lacucinadesign.com

docomoau.xyz
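The extracted configuration above is the most reusable part of this report: hashes only identify this one build, while the campaign's domain list can be hunted for across DNS or proxy logs. The script below is an added example and is not part of the sandbox report or the Triage tooling; it copies the hashes and the decoy/C2 domains from the config into Python, normalises hostnames (case, trailing dot, IDN labels such as the xn-- entry) and checks constructed log lines and a file's bytes against them. The log format, the function names and the sample log lines are assumptions made for the example. Xloader, like Formbook, beacons to every domain in its list, and many of those entries are unrelated or parked sites chosen as decoys, so a DNS hit is a lead to triage alongside the process-injection indicators, not on its own proof that the real C2 was reached.

```python
"""Added example: hunt for the extracted Xloader ef6c config in DNS logs
and verify a file against the reported hashes. Not code from the report."""
import hashlib
import re
from typing import List, Optional, Tuple

# Decoy/C2 domains copied verbatim from the extracted config above.
XLOADER_EF6C_DOMAINS = {
    "gicaredocs.com", "govusergroup.com", "conversationspit.com",
    "brondairy.com", "rjtherealest.com", "xn--9m1bq8wgkag3rjvb.com",
    "mylori.net", "softandcute.store", "ahljsm.com", "shacksolid.com",
    "weekendmusecollection.com", "gaminghallarna.net", "pgonline111.online",
    "44mpt.xyz", "ambrandt.com", "eddytattoo.com", "blendeqes.com",
    "upinmyfeels.com", "lacucinadesign.com", "docomoau.xyz",
}

# Digests of the sample, copied from the General section of the report.
SAMPLE_HASHES = {
    "md5": "0ae572452cbd392f8507184620811203",
    "sha1": "3d01d532981417ea736449f3894352dd7f50d610",
    "sha256": "dbeea7b74c941b6b567e7f12fa575d8b09650116bfb583604d6c50991cf351ba",
    "sha512": "eb1a612a77edca89de192a71402aac87b75a716366da040aaf65ef7e707c0963"
              "0734b5a3ac2a3e5bb0031b0988ce9e423c556243b93763a1b6fcd6d01d976dfc",
}


def normalise_domain(name: str) -> str:
    """Lower-case, drop a trailing dot, and convert Unicode labels to the
    punycode (xn--) form used in the config so IDN decoys still match.
    Labels that are already ASCII are returned unchanged by the idna codec."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name


def matches_config(hostname: str) -> Optional[str]:
    """Return the config domain that hostname equals or is a subdomain of.
    Matching is label-based, so 'notshacksolid.com' does not hit 'shacksolid.com'
    and a bare TLD is never compared."""
    labels = normalise_domain(hostname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in XLOADER_EF6C_DOMAINS:
            return candidate
    return None


# Assumed log format for the example: "<timestamp> <client> query: <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<qname>\S+)")


def scan_dns_log(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, queried name, matched config domain) for every
    log line whose queried name falls under a domain from the config."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unrelated or malformed line
        hit = matches_config(m["qname"])
        if hit:
            hits.append((m["ts"], m["client"], m["qname"], hit))
    return hits


def hash_matches(data: bytes) -> dict:
    """Hash a file's bytes with each algorithm the report lists and say
    which digests equal the sample's. All four must agree for a true match."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in SAMPLE_HASHES.items()
    }


# Constructed sample log lines for the example; not taken from the report.
SAMPLE_LOG = [
    "2022-01-12T10:04:01Z 10.0.0.15 query: www.brondairy.com",
    "2022-01-12T10:04:02Z 10.0.0.15 query: www.google.com",
    "2022-01-12T10:04:03Z 10.0.0.15 query: WWW.DOCOMOAU.XYZ.",
    "2022-01-12T10:04:04Z 10.0.0.22 query: notshacksolid.com",
]

if __name__ == "__main__":
    for ts, client, qname, domain in scan_dns_log(SAMPLE_LOG):
        print(f"{ts} {client} queried {qname} -> config domain {domain}")
    print(hash_matches(b"not the sample"))
```

Subdomain matching matters here because Formbook-family callbacks use a www. prefix in front of the configured domain; matching only the exact string from the config would miss them. For hunting across the campaign rather than this single build, key on the domain set and the ef6c campaign tag rather than on the file hashes, which change with every repack.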

Targets

    • Target

      dbeea7b74c941b6b567e7f12fa575d8b09650116bfb583604d6c50991cf351ba

    • Size

      370KB

    • MD5

      0ae572452cbd392f8507184620811203

    • SHA1

      3d01d532981417ea736449f3894352dd7f50d610

    • SHA256

      dbeea7b74c941b6b567e7f12fa575d8b09650116bfb583604d6c50991cf351ba

    • SHA512

      eb1a612a77edca89de192a71402aac87b75a716366da040aaf65ef7e707c09630734b5a3ac2a3e5bb0031b0988ce9e423c556243b93763a1b6fcd6d01d976dfc

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks