General

  • Target

    62b522aefc576e200d589cfcdc1487e68f6a17cc6eae30a705ccbae3964070e2

  • Size

    37KB

  • Sample

    220329-k8gr5achh2

  • MD5

    15b48944c4d3a4a2ba6b45d90bb7aeaf

  • SHA1

    e86884b3abc975afe837564b42a61938551c6888

  • SHA256

    62b522aefc576e200d589cfcdc1487e68f6a17cc6eae30a705ccbae3964070e2

  • SHA512

    a5f6e3e07d8ae4a45fe4b3d1b7e1ed064636fb215642fa2173f76f4fdc63bdb4ae4b20c83fba315ee1872a0084fb03e15830d8081a379e8d2a1b721b4fd2cff7

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    ahc8

  • Decoy

    192451.com
    wwwripostes.net
    sirikhalsalaw.com
    bitterbaybay.com
    stella-scrubs.com
    almanecermezcal.com
    goodgood.online
    translate-now.online
    sincerefilm.com
    quadrantforensics.com
    johnfrenchart.com
    plick-click.com
    alnileen.com
    tghi.xyz
    172711.com
    maymakita.com
    punnyaseva.com
    ukash-online.com
    sho-yururi-blog.com
    hebergement-solidaire.com

Targets

    • Target

      62b522aefc576e200d589cfcdc1487e68f6a17cc6eae30a705ccbae3964070e2

    • Size

      37KB

    • MD5

      15b48944c4d3a4a2ba6b45d90bb7aeaf

    • SHA1

      e86884b3abc975afe837564b42a61938551c6888

    • SHA256

      62b522aefc576e200d589cfcdc1487e68f6a17cc6eae30a705ccbae3964070e2

    • SHA512

      a5f6e3e07d8ae4a45fe4b3d1b7e1ed064636fb215642fa2173f76f4fdc63bdb4ae4b20c83fba315ee1872a0084fb03e15830d8081a379e8d2a1b721b4fd2cff7

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks