General

  • Target

    6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1

  • Size

    671KB

  • Sample

    220517-qb8ggaehcm

  • MD5

    fd4b6a7e6283e82542d1a4c94d4780fd

  • SHA1

    559bbf03a43b3718a7def18e160bf89d744ccd55

  • SHA256

    6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1

  • SHA512

    837e4b12564324e1b7b374ac2bcb1ed21dcc4dd53ce3b796f189b27764a35164e41cb03214120d190253927080c4c31a0440d154845c96fa7e892c145a1d19b7

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r007

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext
