General

  • Target: a67522d0e3d5e271eabf5f5ba02e0c0b770c2c7167bf4a4fcbe886581ac4692a
  • Size: 589KB
  • Sample: 220516-vhqmfsbba2
  • MD5: 5f80910a6d8580b533aee41ef221dd46
  • SHA1: 6bc30286fa2efbe4745e65c81de94e85a5d2dd80
  • SHA256: a67522d0e3d5e271eabf5f5ba02e0c0b770c2c7167bf4a4fcbe886581ac4692a
  • SHA512: d0a5bc4aa9235603b3ef17fef1dbdd7914ad57e84819c140ff1461329604eb67812a4df788198cb64c3b0ee7da4e4eedd32d2d3eadf6c9de7a986254b6058a83

Score
10/10

Malware Config

Extracted

  • Family: xloader
  • Version: 2.5
  • Campaign: r007
  • Decoy:

Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
