Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28a107f37e75bafd9fd49ac3ed8745d676d04d2bd5bfea8f926f04a2f393cd51

  • Size

    441KB

  • Sample

    220123-3y1rcsgee7

  • MD5

    f71bfac229c8d64d9c18cb777e348f14

  • SHA1

    1e91e3daa8f78813368040afbfa154284ed54e3d

  • SHA256

    28a107f37e75bafd9fd49ac3ed8745d676d04d2bd5bfea8f926f04a2f393cd51

  • SHA512

    a3bc2381a1fc467795d06937716a33c69d45797325c48c5d947416c64e9346218043737a60ab7844e68013415fd02d412e5e290d7c2e7beddb5f0224af5776d9

Score
10/10
xloaderpnugloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Targets

    • Target

      28a107f37e75bafd9fd49ac3ed8745d676d04d2bd5bfea8f926f04a2f393cd51

    • Size

      441KB

    • MD5

      f71bfac229c8d64d9c18cb777e348f14

    • SHA1

      1e91e3daa8f78813368040afbfa154284ed54e3d

    • SHA256

      28a107f37e75bafd9fd49ac3ed8745d676d04d2bd5bfea8f926f04a2f393cd51

    • SHA512

      a3bc2381a1fc467795d06937716a33c69d45797325c48c5d947416c64e9346218043737a60ab7844e68013415fd02d412e5e290d7c2e7beddb5f0224af5776d9

    Score
    10/10
    xloaderpnugloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks