Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    349d6abee992c08597d7a6b3a1ebce0081f9cb984c7d2a801c7ed088d8b085a9

  • Size

    463KB

  • Sample

    211110-lel1esdhaj

  • MD5

    63696d6e6d78a5d424deb504a287cc79

  • SHA1

    9e02ff5e10c7119d91192f914ea197ab643a070a

  • SHA256

    349d6abee992c08597d7a6b3a1ebce0081f9cb984c7d2a801c7ed088d8b085a9

  • SHA512

    3006dd8a58637541a1c52063e1eacf8e4f0ee39ff8840be1dfec7b10fe733e2c4bb7303b1e6211f7e2fb5a97e50c5a407608b541d58473cee3c0eabab7f693ae

Score
10/10
formbooks18yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18y

C2

http://www.agentpathleurre.space/s18y/

Decoy

jokes-online.com

dzzdjn.com

lizzieerhardtebnaryepptts.com

interfacehand.xyz

sale-m.site

block-facebook.com

dicasdamadrinha.com

maythewind.com

hasari.net

omnists.com

thevalley-eg.com

rdfj.xyz

szhfcy.com

alkalineage.club

fdf.xyz

absorplus.com

poldolongo.com

badassshirts.club

ferienwohnungenmv.com

bilboondokoak.com

Targets

    • Target

      349d6abee992c08597d7a6b3a1ebce0081f9cb984c7d2a801c7ed088d8b085a9

    • Size

      463KB

    • MD5

      63696d6e6d78a5d424deb504a287cc79

    • SHA1

      9e02ff5e10c7119d91192f914ea197ab643a070a

    • SHA256

      349d6abee992c08597d7a6b3a1ebce0081f9cb984c7d2a801c7ed088d8b085a9

    • SHA512

      3006dd8a58637541a1c52063e1eacf8e4f0ee39ff8840be1dfec7b10fe733e2c4bb7303b1e6211f7e2fb5a97e50c5a407608b541d58473cee3c0eabab7f693ae

    Score
    10/10
    formbooks18yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks