General

  • Target

    9a4cfaaed6a9352cebb8dcb725c512ac943a7d9878329cefc9355f00d744916f

  • Size

    263KB

  • Sample

    220727-zrwbhsdcc2

  • MD5

    ab2dc0156b13dc57b25ebc3f83fac7c3

  • SHA1

    944401ca96dd092e0e66646ce00f03e5881b37e8

  • SHA256

    9a4cfaaed6a9352cebb8dcb725c512ac943a7d9878329cefc9355f00d744916f

  • SHA512

    2bbca40a977c511fdde66145129fd85aaebe5e9be68781d3aa9049dc24f5ed6b380c4ea790f54ceed1a9faf0977bc31f785e336f7c98c3f932f6aec163c9c292

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

zgtb

Decoy

XLoader, like Formbook before it, ships a list of domains in its configuration and contacts them alongside its real C2 so that the genuine server is hard to pick out from traffic or from the config alone. Treat the domains below as indicators tied to this sample's configuration, not as confirmed C2 servers; several are likely legitimate sites the operator never controlled.

gabriellep.com

honghe4.xyz

anisaofrendas.com

happy-tile.com

thesulkies.com

international-ipo.com

tazeco.info

hhhzzz.xyz

vrmonster.xyz

theearthresidencia.com

sportape.xyz

elshadaibaterias.com

koredeiihibi.com

taxtaa.com

globalcityb.com

fxivcama.com

dagsmith.com

elmar-bhp.com

peakice.net

jhcdjewelry.com
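The following Python script is an added example and not part of the sandbox report or the XLoader analysis tooling. It copies the domain list from the extracted config above into a matcher that flags exact hits and subdomain hits (but not look-alike names such as `notpeakice.net`), runs it over a few constructed DNS query log lines, and includes a helper that checks a file's digests against the four hashes in the report. The log format, the source IPs, and the query names in the sample lines are assumptions made for the example.

```python
"""Match DNS log lines against the domains extracted from this XLoader sample's config.

Added example, not code from the sandbox report. The domain list and hashes are
copied from the report; the log lines below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass

# Domains from the "Decoy" section of the extracted config. XLoader mixes its real
# C2 with decoys, so a hit means "contacted a domain from this sample's config",
# not "contacted the confirmed C2".
CONFIG_DOMAINS = [
    "gabriellep.com", "honghe4.xyz", "anisaofrendas.com", "happy-tile.com",
    "thesulkies.com", "international-ipo.com", "tazeco.info", "hhhzzz.xyz",
    "vrmonster.xyz", "theearthresidencia.com", "sportape.xyz", "elshadaibaterias.com",
    "koredeiihibi.com", "taxtaa.com", "globalcityb.com", "fxivcama.com",
    "dagsmith.com", "elmar-bhp.com", "peakice.net", "jhcdjewelry.com",
]

# Digests of the sample as listed in the report.
REPORT_HASHES = {
    "md5": "ab2dc0156b13dc57b25ebc3f83fac7c3",
    "sha1": "944401ca96dd092e0e66646ce00f03e5881b37e8",
    "sha256": "9a4cfaaed6a9352cebb8dcb725c512ac943a7d9878329cefc9355f00d744916f",
    "sha512": "2bbca40a977c511fdde66145129fd85aaebe5e9be68781d3aa9049dc24f5ed6b"
              "380c4ea790f54ceed1a9faf0977bc31f785e336f7c98c3f932f6aec163c9c292",
}

# Assumed log format: "<timestamp> <source-ip> query <qtype> <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+query\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def normalize(domain: str) -> str:
    """Lower-case and strip the trailing dot that DNS logs often carry."""
    return domain.strip().rstrip(".").lower()


def build_matcher(domains):
    """Return a function mapping a queried host to the config domain it falls under.

    Matching is done on label boundaries: "www.gabriellep.com" matches
    "gabriellep.com", but "notpeakice.net" does not match "peakice.net".
    """
    wanted = {normalize(d) for d in domains}

    def match(host: str):
        labels = normalize(host).split(".")
        # Try the full name, then each parent with at least two labels.
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in wanted:
                return candidate
        return None

    return match


@dataclass
class Hit:
    ts: str
    src: str
    qname: str
    config_domain: str


def scan_log(lines, domains=CONFIG_DOMAINS):
    """Return a Hit for every parseable log line whose qname falls under a config domain."""
    match = build_matcher(domains)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash a triage run
        hit_domain = match(m["qname"])
        if hit_domain:
            hits.append(Hit(m["ts"], m["src"], normalize(m["qname"]), hit_domain))
    return hits


def summarize(hits):
    """Group hits by source IP: {src: sorted list of distinct config domains}."""
    out = {}
    for h in hits:
        out.setdefault(h.src, set()).add(h.config_domain)
    return {src: sorted(doms) for src, doms in out.items()}


def hashes_match_report(data: bytes, expected=REPORT_HASHES):
    """Compute each digest of `data` and report whether it equals the report's value."""
    return {name: hashlib.new(name, data).hexdigest() == value for name, value in expected.items()}


# Constructed sample log lines (not from the report); one look-alike and one junk line.
SAMPLE_LOG = [
    "2022-07-27T09:58:11Z 10.0.0.5 query A www.gabriellep.com",
    "2022-07-27T09:58:12Z 10.0.0.5 query A HONGHE4.XYZ.",
    "2022-07-27T09:58:13Z 10.0.0.5 query A update.microsoft.com",
    "2022-07-27T09:58:14Z 10.0.0.7 query A notpeakice.net",
    "this line is not a DNS record",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.ts} {h.src} queried {h.qname} (config domain {h.config_domain})")
    print(summarize(scan_log(SAMPLE_LOG)))
    print(hashes_match_report(b"not the sample"))
```

A hit from this matcher is a reason to pull the host for triage, not by itself proof of compromise, since the config deliberately includes domains unrelated to the operator. Pairing it with the process-injection signature the sandbox reported, or with a hash match on a dropped file, gives far higher confidence than DNS alone.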

Targets

    • Xloader

      XLoader is the rebranded successor of the Formbook information stealer; the two share the same loader, injection behaviour and configuration layout, which is why this sample's config could be extracted with the Formbook/XLoader tooling.

    • Xloader payload

      The unpacked in-memory payload was identified as XLoader, and its configuration (family, version, campaign ID and domain list above) was extracted from it.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext on a thread it does not own. That call is the step used to redirect a suspended or hijacked thread of another process to injected code (process hollowing or thread hijacking); legitimate software rarely does this, so the sandbox treats it as a strong process-injection indicator.
