General

  • Target

    a15402c5f869a1c02421742c27dd71c2448bb037d391a6bf130be06b2f976e2f

  • Size

    582KB

  • Sample

    220113-qt3c6saec9

  • MD5

    0e99d13aafcc5e8fadc45d8b85336d9b

  • SHA1

    6573c9dd229e50981aa24128ad02a07e99805369

  • SHA256

    a15402c5f869a1c02421742c27dd71c2448bb037d391a6bf130be06b2f976e2f

  • SHA512

    d2c22cff7ad0e8ea73b4d6a82f732d5d4f10033598040d545f00711d5a9c10c2d78e5c5aa17c8cacf9434e361f4b947a33c4849e800e2f3df7b73245ecd69d5a

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

    XLoader (like Formbook) embeds a list of domains in its configuration and contacts several of them on each beacon cycle so the live C2 is hidden among decoys; many decoy entries are ordinary registered sites. Treat the list as an indicator of infection, not as a blocklist, and confirm the real C2 from network traffic rather than from the config alone.

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com
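Because the bot queries several of these domains in quick succession, a cluster of lookups for distinct config domains from one host in a short window is a stronger signal than any single hit. The following Python is an added example (not tria.ge tooling and not part of the report) that scans DNS query logs for that pattern using the domain list above. The log format (one line per query: ISO timestamp, client IP, queried name), the 60-second window and the threshold of three distinct domains are assumptions, and the log lines are constructed for the example rather than taken from the sandbox run.

```python
"""Match DNS query logs against the XLoader config domain list from this report.

Added example, not sandbox output. Assumed log format (constructed):
    <ISO-8601 timestamp> <client-ip> <queried name>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Domain list copied from the extracted config on this page.
DECOY_DOMAINS = [
    "natureate.com", "ita-pots.website", "sucohansmushroom.com", "produrielrosen.com",
    "gosystemupdatenow.online", "jiskra.art", "janwiench.com", "norfolkfoodhall.com",
    "iloveaddictss.com", "pogozip.com", "buyinstapva.com", "teardirectionfreedom.xyz",
    "0205168.com", "apaixonadosporpugs.online", "jawscoinc.com", "crafter.quest",
    "wikipedianow.com", "radiopuls.net", "kendama-co.com", "goodstudycanada.com",
]

# Constructed log lines (not from the sandbox run). 10.0.0.7 shows the beaconing
# pattern; 10.0.0.9 and 10.0.0.12 each touched a single config domain once, which
# on its own is weak evidence because some decoys are legitimate sites.
SAMPLE_DNS_LOG = """\
2022-01-13T09:00:01 10.0.0.7 www.natureate.com
2022-01-13T09:00:01 10.0.0.9 radiopuls.net
2022-01-13T09:00:02 10.0.0.7 jiskra.art
2022-01-13T09:00:04 10.0.0.7 crafter.quest
2022-01-13T09:00:05 10.0.0.7 example.org
2022-01-13T09:00:07 10.0.0.7 pogozip.com
2022-01-13T09:01:30 10.0.0.12 wikipedianow.com
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*$")


def matched_domain(qname):
    """Return the config domain that qname equals or is a subdomain of, else None."""
    q = qname.lower().rstrip(".")
    for d in DECOY_DOMAINS:
        if q == d or q.endswith("." + d):
            return d
    return None


def parse_log(text):
    """Yield (timestamp, client, qname) for well-formed lines; skip malformed ones."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def find_beaconing_hosts(log_text, window=timedelta(seconds=60), threshold=3):
    """Return {client: sorted list of config domains it queried} for every client
    that queried at least `threshold` distinct config domains inside one `window`."""
    hits = defaultdict(list)  # client -> [(timestamp, matched domain)]
    for ts, client, qname in parse_log(log_text):
        d = matched_domain(qname)
        if d:
            hits[client].append((ts, d))

    flagged = {}
    for client, events in hits.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            in_window = {d for t, d in events[i:] if t - t0 <= window}
            if len(in_window) >= threshold:
                flagged[client] = sorted({d for _, d in events})
                break
    return flagged


if __name__ == "__main__":
    for client, domains in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(client, "->", ", ".join(domains))
```

Lowering `threshold` to 1 lists every host that touched any config domain, which is useful for scoping but will include hosts that merely visited a legitimate decoy site; the windowed multi-domain match is the one worth alerting on.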

Targets

    • Target

      a15402c5f869a1c02421742c27dd71c2448bb037d391a6bf130be06b2f976e2f

    • Size

      582KB

    • MD5

      0e99d13aafcc5e8fadc45d8b85336d9b

    • SHA1

      6573c9dd229e50981aa24128ad02a07e99805369

    • SHA256

      a15402c5f869a1c02421742c27dd71c2448bb037d391a6bf130be06b2f976e2f

    • SHA512

      d2c22cff7ad0e8ea73b4d6a82f732d5d4f10033598040d545f00711d5a9c10c2d78e5c5aa17c8cacf9434e361f4b947a33c4849e800e2f3df7b73245ecd69d5a

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

      The unpacked XLoader payload was identified in the sample, which is what allowed the configuration above (family, version, campaign ID and domain list) to be extracted.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites another thread's register state; used together with a process created suspended and WriteProcessMemory, it redirects that thread into injected code (process hollowing). This is consistent with the process injection Formbook/XLoader uses to run its payload inside a legitimate process.
