Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    27-01-2022 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e144fefc15a6a2643674f01b3324e29b5320d45a16a081e8aad8a969712cb9d.exe

  • Size

    398KB

  • MD5

    f6eaacd1b39028130602ee0892e67663

  • SHA1

    12ba0b4e8c41ececa29814f9b64da351e5509fb0

  • SHA256

    1e144fefc15a6a2643674f01b3324e29b5320d45a16a081e8aad8a969712cb9d

  • SHA512

    a5705ae52ffde84bbd90d6335f23ffccaccbde9b2e75d2462216662a60cf6a178a6a7f2b318975fd77d05ffc1746c357fc85c717fa2aa20cb480e452e9c5463b

Score
10/10
formbooka83rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a83r

Decoy

comercializadoralonso.com

durhamschoolservces.com

onegreencapital.com

smartcities24.com

maquinas.store

brianlovesbonsai.com

xin41518s.com

moneyearnus.xyz

be-mix.com

fengyat.club

inspectdecided.xyz

paksafpakistan.com

orhidlnt.top

princesuraj.com

vietnamvodka.com

renewnow.site

imageservices.xyz

luxurytravelfranchise.com

kp112.red

royalyorkfirewood.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e144fefc15a6a2643674f01b3324e29b5320d45a16a081e8aad8a969712cb9d.exe
    "C:\Users\Admin\AppData\Local\Temp\1e144fefc15a6a2643674f01b3324e29b5320d45a16a081e8aad8a969712cb9d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Users\Admin\AppData\Local\Temp\1e144fefc15a6a2643674f01b3324e29b5320d45a16a081e8aad8a969712cb9d.exe
      "C:\Users\Admin\AppData\Local\Temp\1e144fefc15a6a2643674f01b3324e29b5320d45a16a081e8aad8a969712cb9d.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2500-118-0x0000000000D90000-0x0000000000DFA000-memory.dmp
    Filesize

    424KB

    Download
  • memory/2500-119-0x0000000005A90000-0x0000000005F8E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2500-120-0x0000000005630000-0x00000000056C2000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2500-121-0x0000000005590000-0x0000000005A8E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2500-122-0x00000000057A0000-0x00000000057AA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2500-123-0x00000000079E0000-0x00000000079EC000-memory.dmp
    Filesize

    48KB

    Download
  • memory/2500-124-0x0000000007D20000-0x0000000007DBC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/2500-125-0x0000000007FE0000-0x000000000804A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/3240-126-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/3240-127-0x0000000001090000-0x00000000013B0000-memory.dmp
    Filesize

    3.1MB

    Download