General

  • Target

    8aa346b87c8d3d53fb5265cd0c04bbd3c8c978b7e1eb7b2e0958c078322d75e9

  • Size

    403KB

  • Sample

    211029-naxmgadbe8

  • MD5

    b87f81920e06301937deb513ff65bf91

  • SHA1

    cbe9ee020d5fad93b49784f6707614804f3f8ce2

  • SHA256

    8aa346b87c8d3d53fb5265cd0c04bbd3c8c978b7e1eb7b2e0958c078322d75e9

  • SHA512

    edafb5cd221b340ab2b5b9c9a00d087b0a80d35bd9f07c073fc5ffb0eb4f7360f5751fbf04974ce1e94a39d649fbc7c5efd5b5400c2a255e8b9e01e2964eff27

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    s18y

  • C2

    http://www.agentpathleurre.space/s18y/

  • Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook Payload

    • Suspicious use of SetThreadContext
