Overview

overview

10

Static

static

1

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64ac85dbe848795a0595a96f00817c5616387c26243081cfe33002ce9d89c4a5

  • Size

    317KB

  • Sample

    220223-3dmn1achar

  • MD5

    9afa54ca6adc21703eafa1444d025fb1

  • SHA1

    23fc1a8eafc5d8693973ffaffc223cefc1c6cc13

  • SHA256

    64ac85dbe848795a0595a96f00817c5616387c26243081cfe33002ce9d89c4a5

  • SHA512

    68397ef5b5eba8964b3ab440bc30bb29c26c06e63eb4154632386d6de355492e2499efc20b47b87e87b89bf31a116d5a1f6059864c99a3ac9080b295d355e65b

Score
10/10
xloaderp2a5loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

    • Target

      64ac85dbe848795a0595a96f00817c5616387c26243081cfe33002ce9d89c4a5

    • Size

      317KB

    • MD5

      9afa54ca6adc21703eafa1444d025fb1

    • SHA1

      23fc1a8eafc5d8693973ffaffc223cefc1c6cc13

    • SHA256

      64ac85dbe848795a0595a96f00817c5616387c26243081cfe33002ce9d89c4a5

    • SHA512

      68397ef5b5eba8964b3ab440bc30bb29c26c06e63eb4154632386d6de355492e2499efc20b47b87e87b89bf31a116d5a1f6059864c99a3ac9080b295d355e65b

    Score
    10/10
    xloaderp2a5loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks