Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    27-01-2022 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd176d2e421040c6961295c15a390defd89bc98238e342df8dd4c4f6b5c9635e.exe

  • Size

    412KB

  • MD5

    37db3a0bdae598c7c9c7637f661dcb29

  • SHA1

    48bcac796a480135d0917dc819d81713fe87aa8c

  • SHA256

    bd176d2e421040c6961295c15a390defd89bc98238e342df8dd4c4f6b5c9635e

  • SHA512

    b693546b108de4a3e76a0c51ec3d0b7a5bc85d37989c02dc4b4c4144b496c8255fbb50263c9e81c2dcc06c30cd0f01d75dbfc06e8419bd7d054cc83dca8bfa6d

Score
10/10
formbookcw22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cw22

Decoy

betvoy206.com

nftstoners.com

tirupatibuilder.com

gulldesigns.com

shemhq.com

boricosmetic.com

bitcoinbillionaireboy.com

theflypaperplanes.com

retrocartours.com

yangzhie326.com

cheepchain.com

sentryr.com

luckirentalhomes.com

pointssquashers.com

dianasarabiantreasures.com

calendarsilo.com

sublike21.xyz

gajubg0up.xyz

lousfoodreviews.com

fades.site

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd176d2e421040c6961295c15a390defd89bc98238e342df8dd4c4f6b5c9635e.exe
    "C:\Users\Admin\AppData\Local\Temp\bd176d2e421040c6961295c15a390defd89bc98238e342df8dd4c4f6b5c9635e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\bd176d2e421040c6961295c15a390defd89bc98238e342df8dd4c4f6b5c9635e.exe
      "C:\Users\Admin\AppData\Local\Temp\bd176d2e421040c6961295c15a390defd89bc98238e342df8dd4c4f6b5c9635e.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1044-123-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1044-124-0x0000000001770000-0x0000000001A90000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/2240-115-0x0000000000340000-0x00000000003AE000-memory.dmp
    Filesize

    440KB

    Download
  • memory/2240-116-0x0000000005240000-0x000000000573E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2240-117-0x0000000004BE0000-0x0000000004C72000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2240-118-0x0000000004BD0000-0x0000000004BDA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2240-119-0x0000000004D40000-0x000000000523E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2240-120-0x0000000004E10000-0x0000000004E1C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/2240-121-0x0000000006A30000-0x0000000006ACC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/2240-122-0x0000000007210000-0x000000000727A000-memory.dmp
    Filesize

    424KB

    Download