Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e

  • Size

    389KB

  • Sample

    220127-pfjhgacddn

  • MD5

    1d4b78626c774f17888d9bd427732d56

  • SHA1

    14e6dfe56d773bd8481030f7fa2e56c718d96220

  • SHA256

    93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e

  • SHA512

    02a50e5591a5f8440aec3ec2f8cb41e350662c4d39128c3fb6ea7fe01cdf256b03c8fd35e99358133b86f557f6f7f334465d8d2daef937aa2aec0c8b510f69d7

Score
10/10
xloaderyrcyloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yrcy

Decoy

ordermws-brands.com

jkbswj.com

dairatwsl.com

lewismiddleton.com

hevenorfeed.com

kovogueshop.com

cyberitconsultingz.com

besrbee.com

workerscompfl1.com

wayfinderacu.com

smplkindness.com

servicesitcy.com

babyvv.com

fly-crypto.com

chahuima.com

trist-n.tech

minjia56.com

oded.top

mes-dents-blanches.com

nethunsleather.com

Targets

    • Target

      93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e

    • Size

      389KB

    • MD5

      1d4b78626c774f17888d9bd427732d56

    • SHA1

      14e6dfe56d773bd8481030f7fa2e56c718d96220

    • SHA256

      93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e

    • SHA512

      02a50e5591a5f8440aec3ec2f8cb41e350662c4d39128c3fb6ea7fe01cdf256b03c8fd35e99358133b86f557f6f7f334465d8d2daef937aa2aec0c8b510f69d7

    Score
    10/10
    xloaderyrcyloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks