Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    111s
  • max time network
    118s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    27-01-2022 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e.exe

  • Size

    389KB

  • MD5

    1d4b78626c774f17888d9bd427732d56

  • SHA1

    14e6dfe56d773bd8481030f7fa2e56c718d96220

  • SHA256

    93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e

  • SHA512

    02a50e5591a5f8440aec3ec2f8cb41e350662c4d39128c3fb6ea7fe01cdf256b03c8fd35e99358133b86f557f6f7f334465d8d2daef937aa2aec0c8b510f69d7

Score
10/10
xloaderyrcyloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

yrcy

Decoy

ordermws-brands.com

jkbswj.com

dairatwsl.com

lewismiddleton.com

hevenorfeed.com

kovogueshop.com

cyberitconsultingz.com

besrbee.com

workerscompfl1.com

wayfinderacu.com

smplkindness.com

servicesitcy.com

babyvv.com

fly-crypto.com

chahuima.com

trist-n.tech

minjia56.com

oded.top

mes-dents-blanches.com

nethunsleather.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e.exe
    "C:\Users\Admin\AppData\Local\Temp\93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e.exe
      "C:\Users\Admin\AppData\Local\Temp\93d19d496e71478cf23769d45f29c123fcf591ba4c12771da2b7639bb7bb5e2e.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2656-117-0x0000000000180000-0x00000000001E8000-memory.dmp
    Filesize

    416KB

    Download
  • memory/2656-118-0x0000000004E70000-0x000000000536E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2656-119-0x0000000004A50000-0x0000000004AE2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2656-120-0x0000000004A20000-0x0000000004A2A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2656-121-0x0000000004970000-0x0000000004E6E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2656-122-0x0000000004C60000-0x0000000004C6C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/2656-123-0x0000000007180000-0x000000000721C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/2656-124-0x0000000007300000-0x0000000007362000-memory.dmp
    Filesize

    392KB

    Download
  • memory/3336-125-0x0000000000400000-0x0000000000429000-memory.dmp
    Filesize

    164KB

    Download
  • memory/3336-126-0x0000000000F80000-0x00000000012A0000-memory.dmp
    Filesize

    3.1MB

    Download