General

  • Target

    3b14b04160d49bdd074d3d571992ed5333b8292a3c0f8f58988c606bd91408f9

  • Size

    21KB

  • Sample

    220406-cjx4tabgem

  • MD5

    dce19521a9244e07348ad6d9594d0e82

  • SHA1

    0afa324ff68a5e398c1c7d2b1c86ad2c8cc1c9aa

  • SHA256

    3b14b04160d49bdd074d3d571992ed5333b8292a3c0f8f58988c606bd91408f9

  • SHA512

    49892e61920f4baf2d3228ab5b985c4252411cb40bca68d3fa069148cf474c1a3160f043c3b2b532634e361350be9f39bd89a9e92361c962dc65cab5b939a496

Score
10/10

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.5

  • Campaign

    ahc8

  • Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks