Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200

  • Size

    477KB

  • Sample

    220131-jk2lyshdf6

  • MD5

    24d8977d899a1a4ed4d5b50d1bcfe514

  • SHA1

    05dbc5d30a1641b75545bba970686dce16f003bf

  • SHA256

    f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200

  • SHA512

    fd70ed4097ef60e2c7892f05ef565b071860c599536d9801286ced07018df15f48db76b4f75e1d3f75b2d607e1facf10487bad50590f055a76a5defe112f8c61

Score
10/10
xloaderw6otloaderpersistencerat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

w6ot

Decoy

zerodawnprime.com

chunhejingming.com

estrellafiamma.biz

meetbotique.com

westernghatsstudyabroad.com

madysenlenihancoaching.com

c2batlrjm05uzzjnamm8627.com

sasamamai.com

softcherry.club

iputtbetter.store

sointuboete.quest

mahadevwardrobe.online

goedkope-ladegeleiders.online

g3taquotea.info

987vna.club

justdodge.net

b95202.com

dwabiegunyfotografii.com

entrustqlxorx.online

busineschatcom.com

Targets

    • Target

      f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200

    • Size

      477KB

    • MD5

      24d8977d899a1a4ed4d5b50d1bcfe514

    • SHA1

      05dbc5d30a1641b75545bba970686dce16f003bf

    • SHA256

      f63ca508c3ea24625418ebfff72faa49193fdf16c8f2e2b8b7839eaf2f301200

    • SHA512

      fd70ed4097ef60e2c7892f05ef565b071860c599536d9801286ced07018df15f48db76b4f75e1d3f75b2d607e1facf10487bad50590f055a76a5defe112f8c61

    Score
    10/10
    xloaderw6otloaderpersistencerat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks