Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9420d9aebcbac4b5e7410b11383972bc328409d01d3ac2b7188ec7176f28cce

  • Size

    382KB

  • Sample

    220627-kl6gzahhen

  • MD5

    ae5edb053d773cccdfb1591933d8dca9

  • SHA1

    4076a325e8b40ae7f90ed797ca1b74020fe3107c

  • SHA256

    b9420d9aebcbac4b5e7410b11383972bc328409d01d3ac2b7188ec7176f28cce

  • SHA512

    37da8f4f36447dea7c4f33a490eb4e920ed7539b921895c50fc6f33f467d246364441e70d4d39e597d6733868c1d270b7e0bc7c94bf334b2d34a2f37dd3cf5c3

Score
10/10
xloadervweqloaderratspywarestealersuricata

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

vweq

Decoy

malang-media.com

mrsfence.com

lubetops.com

aitimedia.net

montecryptocapital.com

ahwmedia.com

bvmnc.site

bggearstore.com

bcsantacoloma.online

alltimephotography.com

santacruz-roofings.com

leaplifestyleenterprises.com

censovet.com

similkameenfarms.com

undisclosed.email

thetrinityco.com

rapiturs.com

jedlersdorf.info

mh7jk12e.xyz

flygurlblogwordpress.com

Targets

    • Target

      b9420d9aebcbac4b5e7410b11383972bc328409d01d3ac2b7188ec7176f28cce

    • Size

      382KB

    • MD5

      ae5edb053d773cccdfb1591933d8dca9

    • SHA1

      4076a325e8b40ae7f90ed797ca1b74020fe3107c

    • SHA256

      b9420d9aebcbac4b5e7410b11383972bc328409d01d3ac2b7188ec7176f28cce

    • SHA512

      37da8f4f36447dea7c4f33a490eb4e920ed7539b921895c50fc6f33f467d246364441e70d4d39e597d6733868c1d270b7e0bc7c94bf334b2d34a2f37dd3cf5c3

    Score
    10/10
    xloadervweqloaderratspywarestealersuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

      suricata: ET MALWARE FormBook CnC Checkin (POST) M2

      suricata

    • Xloader Payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks