General

  • Target

    9e19fdd001c86c5fc90e6e376f9b3240ab21355a2f24728b81ae274b26f88437

  • Size

    793KB

  • Sample

    220405-hcab3aecbm

  • MD5

    f5124f581ce0f503337d22320d552f87

  • SHA1

    03d2b9f9820957aaa9a3cdb1db2e0ff56373e444

  • SHA256

    9e19fdd001c86c5fc90e6e376f9b3240ab21355a2f24728b81ae274b26f88437

  • SHA512

    01343754a765b87fcedd6a2aec979992d6c7a64c94b09b295716bb852487d55b1e9be8eb4f1eb685186f4ebee863f3ff60534857de2ae8526e489078d5c792a5

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    ahc8

  • Decoy

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks