Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e529cbb901aced8a6af49250afd3d67e059d717d7ecf3edc32e18a9d549361c

  • Size

    514KB

  • Sample

    211027-h5xm3aaha8

  • MD5

    9227463ffb6e37d271919e06d175eda7

  • SHA1

    549cca1bd4031f3d302832754a1f3e51ffed065f

  • SHA256

    5e529cbb901aced8a6af49250afd3d67e059d717d7ecf3edc32e18a9d549361c

  • SHA512

    3c2673d5ca3be9c723b8d34185299459a53f0d99b3f8abd2821b73299d6de83257cd4e850ac635c53598eb8cbd9574ee103b781c7c6952b69f2c6ee8c9b3e60b

Score
10/10
formbooks18yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18y

C2

http://www.agentpathleurre.space/s18y/

Decoy

jokes-online.com

dzzdjn.com

lizzieerhardtebnaryepptts.com

interfacehand.xyz

sale-m.site

block-facebook.com

dicasdamadrinha.com

maythewind.com

hasari.net

omnists.com

thevalley-eg.com

rdfj.xyz

szhfcy.com

alkalineage.club

fdf.xyz

absorplus.com

poldolongo.com

badassshirts.club

ferienwohnungenmv.com

bilboondokoak.com

Targets

    • Target

      5e529cbb901aced8a6af49250afd3d67e059d717d7ecf3edc32e18a9d549361c

    • Size

      514KB

    • MD5

      9227463ffb6e37d271919e06d175eda7

    • SHA1

      549cca1bd4031f3d302832754a1f3e51ffed065f

    • SHA256

      5e529cbb901aced8a6af49250afd3d67e059d717d7ecf3edc32e18a9d549361c

    • SHA512

      3c2673d5ca3be9c723b8d34185299459a53f0d99b3f8abd2821b73299d6de83257cd4e850ac635c53598eb8cbd9574ee103b781c7c6952b69f2c6ee8c9b3e60b

    Score
    10/10
    formbooks18yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks