Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    27-01-2022 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0be852dc052384c403f96e94c0f681c8d4b2429dbb413f9abe896e39f5cb7285.exe

  • Size

    408KB

  • MD5

    6e7eb23ed6f49f777c799e851872e00a

  • SHA1

    f1a1b891df9ad7850160459493f467534065e150

  • SHA256

    0be852dc052384c403f96e94c0f681c8d4b2429dbb413f9abe896e39f5cb7285

  • SHA512

    fcf32c873bfd8a32b985b671fb94f582dc2562cb59cc7bd20ce6523924958e8e191dbc53fb2c61af36c7f211e0df6c4dcdda04fd0e8a3ea33dc14f263df14b5b

Score
10/10
formbookfezuratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fezu

Decoy

palisadeshiking.com

lusteror.com

blogmisaficiones.com

firstprinciplesteam.com

theindoorfarmer.info

sddn55.xyz

womensclothingonlineshop.com

amourneim.com

getlumichargeserver.com

mynegociodev.com

xn--riq159j.com

the-social-hub.com

buypremiumvpn.xyz

brightnes.info

catmanshopper.com

michellepalacdesigns.com

moveventurecapital.com

nzhzygba.com

papahungry.com

electric-classic-bike.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0be852dc052384c403f96e94c0f681c8d4b2429dbb413f9abe896e39f5cb7285.exe
    "C:\Users\Admin\AppData\Local\Temp\0be852dc052384c403f96e94c0f681c8d4b2429dbb413f9abe896e39f5cb7285.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3620
    • C:\Users\Admin\AppData\Local\Temp\0be852dc052384c403f96e94c0f681c8d4b2429dbb413f9abe896e39f5cb7285.exe
      "C:\Users\Admin\AppData\Local\Temp\0be852dc052384c403f96e94c0f681c8d4b2429dbb413f9abe896e39f5cb7285.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3620-115-0x0000000000D70000-0x0000000000DDC000-memory.dmp
    Filesize

    432KB

    Download
  • memory/3620-116-0x0000000005C80000-0x000000000617E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3620-117-0x0000000005780000-0x0000000005812000-memory.dmp
    Filesize

    584KB

    Download
  • memory/3620-118-0x0000000005780000-0x0000000005C7E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3620-119-0x0000000005750000-0x000000000575A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/3620-120-0x0000000005990000-0x000000000599C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/3620-121-0x0000000007EA0000-0x0000000007F3C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/3620-122-0x0000000008030000-0x000000000809A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/3748-123-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/3748-124-0x0000000001390000-0x00000000016B0000-memory.dmp
    Filesize

    3.1MB

    Download