Overview

overview

10

Static

static

1

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc35540b602ba860b10c2b43261657a7e2b9fc1d3aa8104272f2255a664fabd7

  • Size

    246KB

  • Sample

    220131-aln8ksdca6

  • MD5

    0e738f5922ef1bed63478ca5ccbe4ab5

  • SHA1

    3518eb79082655a27598a1025d581ffdba11fb6c

  • SHA256

    fc35540b602ba860b10c2b43261657a7e2b9fc1d3aa8104272f2255a664fabd7

  • SHA512

    1d5038223c9e5b426ed4f8cafeefa4ec919588f6819fd3b82773c97efdf6848f45c0b05e94ee16eb27f7df23b0f4e760b05e002f54d2c591956daf06cc3b58e5

Score
10/10
xloaderb80iloaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

b80i

Decoy

yixuan5.com

jiazheng369.com

danielleefelipe.net

micorgas.com

uvywah.com

nbjcgl.com

streets4suites.com

hempgotas.com

postmoon.xyz

gaboshoes.com

pastodwes.com

libes.asia

damusalama.com

youngliving1.com

mollyagee.com

branchwallet.com

seebuehnegoerlitz.com

inventors.community

teentykarm.quest

927291.com

Targets

    • Target

      fc35540b602ba860b10c2b43261657a7e2b9fc1d3aa8104272f2255a664fabd7

    • Size

      246KB

    • MD5

      0e738f5922ef1bed63478ca5ccbe4ab5

    • SHA1

      3518eb79082655a27598a1025d581ffdba11fb6c

    • SHA256

      fc35540b602ba860b10c2b43261657a7e2b9fc1d3aa8104272f2255a664fabd7

    • SHA512

      1d5038223c9e5b426ed4f8cafeefa4ec919588f6819fd3b82773c97efdf6848f45c0b05e94ee16eb27f7df23b0f4e760b05e002f54d2c591956daf06cc3b58e5

    Score
    10/10
    xloaderb80iloaderrat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks