General

  • Target

    f1d8d7b78bd6e53b4cfa63bc4f03ec0c9d7baad72c0e697993fd3354df4ab0fb

  • Size

    1016KB

  • Sample

    220128-pmw25sdab9

  • MD5

    7e3921b7ae79096c45b6545d8c26273c

  • SHA1

    3b05c2712309dbc878ad3051fc11f4609eb31a6c

  • SHA256

    f1d8d7b78bd6e53b4cfa63bc4f03ec0c9d7baad72c0e697993fd3354df4ab0fb

  • SHA512

    5a0dc4ec4504f44fff5fd68e5f6cf5611880178692b8815cfe055130f86dc2e7c02274b892eac45c5f82ec0aa10e3239460b98b25a53d9fc261ed041d37581c6

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

pnug

Decoy


Targets

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
