Overview

overview

10

Static

static

1

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743

  • Size

    316KB

  • Sample

    220223-p8wnhabecj

  • MD5

    055bb9d26064b091388362cd9460d440

  • SHA1

    0edd4226c1c62dfe6c3fdeb272eade9c8773d2a8

  • SHA256

    335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743

  • SHA512

    99ee3c57e631a6a0933b1764665bffd99177ecdde915a26cfef0f85d65a493b9e1c7f7fd17c2d99fa2bb20ff29b394d02d8621a3f9e9cbe124ed37fd0ec96a81

Score
10/10
xloaderp2a5loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

p2a5

Decoy

gorillaslovebananas.com

zonaextasis.com

digitalpravin.online

memorialdoors.com

departmenteindhoven.com

vipulb.com

ruyibao365.com

ynpzz.com

matthewandjessica.com

winfrey2024.com

janetride.com

arairazur.xyz

alltheheads.com

amayawebdesigns.com

califunder.com

blacksource.xyz

farmasi.agency

ilmkibahar.com

thinkcentury.net

eskortclub.com

Targets

    • Target

      335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743

    • Size

      316KB

    • MD5

      055bb9d26064b091388362cd9460d440

    • SHA1

      0edd4226c1c62dfe6c3fdeb272eade9c8773d2a8

    • SHA256

      335fa8671bb1ef8659247de4bed05898512fb3a056ef6deb31849eefef8a4743

    • SHA512

      99ee3c57e631a6a0933b1764665bffd99177ecdde915a26cfef0f85d65a493b9e1c7f7fd17c2d99fa2bb20ff29b394d02d8621a3f9e9cbe124ed37fd0ec96a81

    Score
    10/10
    xloaderp2a5loaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • Xloader Payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks