Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f082986c206eccdaa79f0db369bc2826cc56e5071b371946c7fb96666684c4db

  • Size

    596KB

  • Sample

    211111-dmz81sfgaj

  • MD5

    a0740bf0d91acda7ead5a156a9485fda

  • SHA1

    b8a9838b26ef685e2d2e099e336b678f4ef068af

  • SHA256

    f082986c206eccdaa79f0db369bc2826cc56e5071b371946c7fb96666684c4db

  • SHA512

    f3aab8dfbaaa984d058daa69569423ec2a1bdcc551f60c04a0d7edf92c420b201a212b1aaa14a2c6291564581e0a54f58990740369acfcac0dcb3c2c5c37ff75

Score
10/10
formbooks18yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18y

C2

http://www.agentpathleurre.space/s18y/

Decoy

jokes-online.com

dzzdjn.com

lizzieerhardtebnaryepptts.com

interfacehand.xyz

sale-m.site

block-facebook.com

dicasdamadrinha.com

maythewind.com

hasari.net

omnists.com

thevalley-eg.com

rdfj.xyz

szhfcy.com

alkalineage.club

fdf.xyz

absorplus.com

poldolongo.com

badassshirts.club

ferienwohnungenmv.com

bilboondokoak.com

Targets

    • Target

      f082986c206eccdaa79f0db369bc2826cc56e5071b371946c7fb96666684c4db

    • Size

      596KB

    • MD5

      a0740bf0d91acda7ead5a156a9485fda

    • SHA1

      b8a9838b26ef685e2d2e099e336b678f4ef068af

    • SHA256

      f082986c206eccdaa79f0db369bc2826cc56e5071b371946c7fb96666684c4db

    • SHA512

      f3aab8dfbaaa984d058daa69569423ec2a1bdcc551f60c04a0d7edf92c420b201a212b1aaa14a2c6291564581e0a54f58990740369acfcac0dcb3c2c5c37ff75

    Score
    10/10
    formbooks18yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks