Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd7a4b329f76991a0957245515cc9dbcffefa941a94f1186511ce7b8c0a6e3eb

  • Size

    1.2MB

  • Sample

    211115-krnjcahff7

  • MD5

    86d8b2ad8bcd3c0d8f4eab82f5f42b08

  • SHA1

    019c003dd620a0af5c4881055820ecfa875fc2b2

  • SHA256

    fd7a4b329f76991a0957245515cc9dbcffefa941a94f1186511ce7b8c0a6e3eb

  • SHA512

    1822cb9590a28f6aa3d1149d8b5f344213207f33b1d31987821ba040a70e5b79e9f1d4b7049926c7821bc99b045cdb0c2687ccc55f67e186e658dcbe1d5657f1

Score
10/10
formbooks18yratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18y

C2

http://www.agentpathleurre.space/s18y/

Decoy

jokes-online.com

dzzdjn.com

lizzieerhardtebnaryepptts.com

interfacehand.xyz

sale-m.site

block-facebook.com

dicasdamadrinha.com

maythewind.com

hasari.net

omnists.com

thevalley-eg.com

rdfj.xyz

szhfcy.com

alkalineage.club

fdf.xyz

absorplus.com

poldolongo.com

badassshirts.club

ferienwohnungenmv.com

bilboondokoak.com

Targets

    • Target

      fd7a4b329f76991a0957245515cc9dbcffefa941a94f1186511ce7b8c0a6e3eb

    • Size

      1.2MB

    • MD5

      86d8b2ad8bcd3c0d8f4eab82f5f42b08

    • SHA1

      019c003dd620a0af5c4881055820ecfa875fc2b2

    • SHA256

      fd7a4b329f76991a0957245515cc9dbcffefa941a94f1186511ce7b8c0a6e3eb

    • SHA512

      1822cb9590a28f6aa3d1149d8b5f344213207f33b1d31987821ba040a70e5b79e9f1d4b7049926c7821bc99b045cdb0c2687ccc55f67e186e658dcbe1d5657f1

    Score
    10/10
    formbooks18yratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks