Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ff7c84701eaf8b5865bb2716e8a8d0f0ae71ddf725b0330e6b88229585e2ad1

  • Size

    700KB

  • Sample

    211022-v12gnscggk

  • MD5

    b24b66f056ed8c7471e306ecba76a521

  • SHA1

    5d6cf56066c647560cf2e6ae1c2c8fa13c2adb5d

  • SHA256

    2ff7c84701eaf8b5865bb2716e8a8d0f0ae71ddf725b0330e6b88229585e2ad1

  • SHA512

    855d6e2c68d8d846746ac37a22766c3b6bdf822ffb525b72232909ecb494a5837b7fbf3189358278516206ee4bf591083e65b3369be06fcf55827e88d56799fe

Score
10/10
formbooks18yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18y

C2

http://www.agentpathleurre.space/s18y/

Decoy

jokes-online.com

dzzdjn.com

lizzieerhardtebnaryepptts.com

interfacehand.xyz

sale-m.site

block-facebook.com

dicasdamadrinha.com

maythewind.com

hasari.net

omnists.com

thevalley-eg.com

rdfj.xyz

szhfcy.com

alkalineage.club

fdf.xyz

absorplus.com

poldolongo.com

badassshirts.club

ferienwohnungenmv.com

bilboondokoak.com

Targets

    • Target

      2ff7c84701eaf8b5865bb2716e8a8d0f0ae71ddf725b0330e6b88229585e2ad1

    • Size

      700KB

    • MD5

      b24b66f056ed8c7471e306ecba76a521

    • SHA1

      5d6cf56066c647560cf2e6ae1c2c8fa13c2adb5d

    • SHA256

      2ff7c84701eaf8b5865bb2716e8a8d0f0ae71ddf725b0330e6b88229585e2ad1

    • SHA512

      855d6e2c68d8d846746ac37a22766c3b6bdf822ffb525b72232909ecb494a5837b7fbf3189358278516206ee4bf591083e65b3369be06fcf55827e88d56799fe

    Score
    10/10
    formbooks18yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks