General

  • Target

    325161475d78040b7747dede24421e11ccd705849e73752487fb51d9c0b5cda8

  • Size

    574KB

  • Sample

    220119-pspv1shgcr

  • MD5

    206cedae259410a8bdc3edd361c02ee9

  • SHA1

    0a71074e7d021b356d4ea0cec9376ed813163124

  • SHA256

    325161475d78040b7747dede24421e11ccd705849e73752487fb51d9c0b5cda8

  • SHA512

    d85d702263ead266642e3c2219fac33420154c678fb8e3ade7e6bcb8b057492518510f919ccca29d29c875460fceb5e32a194e0ad7d8e25e28a4552ebe95b204

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Targets

    • Target

      325161475d78040b7747dede24421e11ccd705849e73752487fb51d9c0b5cda8

    • Size

      574KB

    • MD5

      206cedae259410a8bdc3edd361c02ee9

    • SHA1

      0a71074e7d021b356d4ea0cec9376ed813163124

    • SHA256

      325161475d78040b7747dede24421e11ccd705849e73752487fb51d9c0b5cda8

    • SHA512

      d85d702263ead266642e3c2219fac33420154c678fb8e3ade7e6bcb8b057492518510f919ccca29d29c875460fceb5e32a194e0ad7d8e25e28a4552ebe95b204

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
