Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    50s
  • max time network
    80s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    17-05-2022 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1.exe

  • Size

    671KB

  • MD5

    fd4b6a7e6283e82542d1a4c94d4780fd

  • SHA1

    559bbf03a43b3718a7def18e160bf89d744ccd55

  • SHA256

    6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1

  • SHA512

    837e4b12564324e1b7b374ac2bcb1ed21dcc4dd53ce3b796f189b27764a35164e41cb03214120d190253927080c4c31a0440d154845c96fa7e892c145a1d19b7

Score
10/10
xloaderr007loaderrat

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

r007

Decoy

trashpandaservice.com

mobileads.network

ascolstore.com

gelsinextra.com

bonestell.net

heitoll.xyz

ceapgis.com

mon-lapin.biz

miq-eva.com

rematedesillas.com

playingonline.xyz

hausense.quest

tnyzw.com

appsdial.com

addcolor.city

hagenoblog.com

michaelwesleyj.com

she-zain.com

lorhsems.com

karmaserena.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1.exe
    "C:\Users\Admin\AppData\Local\Temp\6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3420
    • C:\Users\Admin\AppData\Local\Temp\6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1.exe
      "C:\Users\Admin\AppData\Local\Temp\6020782d1453cd88fbc94e18b67eb9941c9625567bfb8e25918a0d4de1dc0cc1.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2200-130-0x000000000041D9B0-mapping.dmp
    Download
  • memory/2200-131-0x00000000019D0000-0x0000000001CF0000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/2200-129-0x0000000000400000-0x000000000042A000-memory.dmp
    Filesize

    168KB

    Download
  • memory/3420-125-0x0000000005070000-0x000000000507E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/3420-123-0x0000000004D80000-0x0000000004D8A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/3420-124-0x0000000005310000-0x000000000539C000-memory.dmp
    Filesize

    560KB

    Download
  • memory/3420-119-0x0000000000490000-0x000000000053C000-memory.dmp
    Filesize

    688KB

    Download
  • memory/3420-126-0x00000000088B0000-0x0000000008944000-memory.dmp
    Filesize

    592KB

    Download
  • memory/3420-127-0x00000000089C0000-0x0000000008A26000-memory.dmp
    Filesize

    408KB

    Download
  • memory/3420-128-0x0000000008970000-0x00000000089A8000-memory.dmp
    Filesize

    224KB

    Download
  • memory/3420-122-0x0000000004E80000-0x0000000004F1C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/3420-121-0x0000000004DE0000-0x0000000004E72000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3420-120-0x0000000005440000-0x000000000593E000-memory.dmp
    Filesize

    5.0MB

    Download