General

  • Target

    0b3fffd1de700b6d54df6bd954e66c523292484ce0686fb0ae5750b57734a0dd

  • Size

    264KB

  • Sample

    220727-2x23csebg3

  • MD5

    f4f6a0f06ad4b8365f2cca9ba179c7e7

  • SHA1

    6d15de8936b8ec906986528ddf0591073b0f4dab

  • SHA256

    0b3fffd1de700b6d54df6bd954e66c523292484ce0686fb0ae5750b57734a0dd

  • SHA512

    47f78bc71e935dbd98e6200a2048a92c97e41187a44f17a3b425daf314d347318f1c1aa65f34ec82ae1ed81e62912bc718caa6c1b3e6b6de13693cb1d722faac

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

zgtb

Decoy


Targets

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks