Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    164s
  • max time network
    178s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    31-01-2022 09:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2.exe

  • Size

    514KB

  • MD5

    3dd400266e418778615ef84a247687d1

  • SHA1

    995b055ae2eb4f7ed8dd0d603cc3690a2bbe5c3c

  • SHA256

    da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2

  • SHA512

    8a202b59dc234c35a4538c2040ba3b2855df073ef3f32ce06fa7f784f22971362a4efd98ff2a41cb7a3b77ad6f6c840b00fcc55f8662ab10d9edf3d38d8bc16e

Score
10/10
formbookcw22ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cw22

Decoy

betvoy206.com

nftstoners.com

tirupatibuilder.com

gulldesigns.com

shemhq.com

boricosmetic.com

bitcoinbillionaireboy.com

theflypaperplanes.com

retrocartours.com

yangzhie326.com

cheepchain.com

sentryr.com

luckirentalhomes.com

pointssquashers.com

dianasarabiantreasures.com

calendarsilo.com

sublike21.xyz

gajubg0up.xyz

lousfoodreviews.com

fades.site

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook Payload 1 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2.exe
    "C:\Users\Admin\AppData\Local\Temp\da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Users\Admin\AppData\Local\Temp\da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2.exe
      "C:\Users\Admin\AppData\Local\Temp\da00ad76bb648365108fb03a95cf69a56608e4605cfe02fcaf933af239ce7ac2.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/756-125-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/756-126-0x00000000014D0000-0x00000000017F0000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1064-118-0x0000000000790000-0x0000000000816000-memory.dmp
    Filesize

    536KB

    Download
  • memory/1064-119-0x00000000050E0000-0x00000000050E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1064-120-0x00000000050D0000-0x00000000050E4000-memory.dmp
    Filesize

    80KB

    Download
  • memory/1064-121-0x00000000053E0000-0x0000000005472000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1064-122-0x0000000005720000-0x00000000057BC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/1064-123-0x0000000005AA0000-0x0000000005B06000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1064-124-0x0000000006000000-0x00000000064FE000-memory.dmp
    Filesize

    5.0MB

    Download