Overview

overview

10

Static

static

1

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    016ffff295ef62f445fc834377c44e8a843a0f11899cb88f9e4e0e05c54bc7e9

  • Size

    246KB

  • Sample

    220201-jn7blsbef7

  • MD5

    559faec250a5211b75eeae8f02078103

  • SHA1

    4655a5e23561d063e899cda174ed145431e95f42

  • SHA256

    016ffff295ef62f445fc834377c44e8a843a0f11899cb88f9e4e0e05c54bc7e9

  • SHA512

    002a7664ec00e5d7bfd950c6fb76950ddacb803e55ad323783afb29487b7e48de43891ecbba0e0f3d339d69f33deb0eb0c0fbe8132d94a1020501f8f9aef6cff

Score
10/10
xloaderp2a5loaderpersistencerat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

    • Target

      016ffff295ef62f445fc834377c44e8a843a0f11899cb88f9e4e0e05c54bc7e9

    • Size

      246KB

    • MD5

      559faec250a5211b75eeae8f02078103

    • SHA1

      4655a5e23561d063e899cda174ed145431e95f42

    • SHA256

      016ffff295ef62f445fc834377c44e8a843a0f11899cb88f9e4e0e05c54bc7e9

    • SHA512

      002a7664ec00e5d7bfd950c6fb76950ddacb803e55ad323783afb29487b7e48de43891ecbba0e0f3d339d69f33deb0eb0c0fbe8132d94a1020501f8f9aef6cff

    Score
    10/10
    xloaderp2a5loaderpersistencerat

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Sets service image path in registry

      persistence

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks