Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1aeb38db4aa9f7758a8e63680f8c71f4f61df56c2045a8f029009a6c15f06722

  • Size

    802KB

  • Sample

    211103-b22paahhhn

  • MD5

    0a9c33568666c88e722c9b0366b93afe

  • SHA1

    e6a5c7723cb9675257d95d36ecb0c72892c9ed4c

  • SHA256

    1aeb38db4aa9f7758a8e63680f8c71f4f61df56c2045a8f029009a6c15f06722

  • SHA512

    29058c1ada57de57ca3b89b2138df004f503416fed72b69875833c1d1c95bd8fe7042ce15d60df3661b441621cd510fdfb81efba09f02db009deaf08d582222d

Score
10/10
formbooks18yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18y

C2

http://www.agentpathleurre.space/s18y/

Decoy

jokes-online.com

dzzdjn.com

lizzieerhardtebnaryepptts.com

interfacehand.xyz

sale-m.site

block-facebook.com

dicasdamadrinha.com

maythewind.com

hasari.net

omnists.com

thevalley-eg.com

rdfj.xyz

szhfcy.com

alkalineage.club

fdf.xyz

absorplus.com

poldolongo.com

badassshirts.club

ferienwohnungenmv.com

bilboondokoak.com

Targets

    • Target

      1aeb38db4aa9f7758a8e63680f8c71f4f61df56c2045a8f029009a6c15f06722

    • Size

      802KB

    • MD5

      0a9c33568666c88e722c9b0366b93afe

    • SHA1

      e6a5c7723cb9675257d95d36ecb0c72892c9ed4c

    • SHA256

      1aeb38db4aa9f7758a8e63680f8c71f4f61df56c2045a8f029009a6c15f06722

    • SHA512

      29058c1ada57de57ca3b89b2138df004f503416fed72b69875833c1d1c95bd8fe7042ce15d60df3661b441621cd510fdfb81efba09f02db009deaf08d582222d

    Score
    10/10
    formbooks18yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks