Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a632daf4953367bf3024b3e84d13b5beb03d77719cca10b155355e474b3173e3

  • Size

    441KB

  • Sample

    220125-j21e8abhe7

  • MD5

    ee0a3d31b64011310ae0a4fde697aa25

  • SHA1

    5d9fd5352b9e0f268cd495d2061e31c9fada2c53

  • SHA256

    a632daf4953367bf3024b3e84d13b5beb03d77719cca10b155355e474b3173e3

  • SHA512

    2ee81b14384fded53344ce3501d30188b65d7ffa94ca54cb57ff5c291db9dc8334760ebc4735da3a0ecae3fa89bc40841064918aac738eee5b1b9943426ac8f4

Score
10/10
xloaderpnugloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy

natureate.com

ita-pots.website

sucohansmushroom.com

produrielrosen.com

gosystemupdatenow.online

jiskra.art

janwiench.com

norfolkfoodhall.com

iloveaddictss.com

pogozip.com

buyinstapva.com

teardirectionfreedom.xyz

0205168.com

apaixonadosporpugs.online

jawscoinc.com

crafter.quest

wikipedianow.com

radiopuls.net

kendama-co.com

goodstudycanada.com

Targets

    • Target

      a632daf4953367bf3024b3e84d13b5beb03d77719cca10b155355e474b3173e3

    • Size

      441KB

    • MD5

      ee0a3d31b64011310ae0a4fde697aa25

    • SHA1

      5d9fd5352b9e0f268cd495d2061e31c9fada2c53

    • SHA256

      a632daf4953367bf3024b3e84d13b5beb03d77719cca10b155355e474b3173e3

    • SHA512

      2ee81b14384fded53344ce3501d30188b65d7ffa94ca54cb57ff5c291db9dc8334760ebc4735da3a0ecae3fa89bc40841064918aac738eee5b1b9943426ac8f4

    Score
    10/10
    xloaderpnugloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks