Overview

overview

10

Static

static

10

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa603a1e4874a19e331322ac204fdc615b9e2c8eff810336a9540d4c7c5d0d38

  • Size

    328KB

  • Sample

    220607-tfrajafdbm

  • MD5

    23e421072b6ebe8b53fde252e6990340

  • SHA1

    9a9f0b8fc33435bb8c29c55ff261b88e8b96eafa

  • SHA256

    aa603a1e4874a19e331322ac204fdc615b9e2c8eff810336a9540d4c7c5d0d38

  • SHA512

    6a0ce5b2494eacdec720e107605f95c2058fe75f8a52d72783b8dbbc2d9072a694c9a0f9eec07afc8e441fe2a88237121a2784c3f92ab44b622fc5938dc4d468

Score
10/10
formbookneshtag14spersistenceratspywarestealersuricatatrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g14s

Decoy

highnessmagazine.com

mokeyshop.com

remotedesktop.xyz

bicielettrica.xyz

addoncarzspa.com

ironesteem.com

asset-management-int.com

newportnewsaccounting.com

seriesyonkis2.com

hhivac.com

shrmgattlnow.com

yangzhenyu1.xyz

prettylittlenail.com

phyform.com

fggloballlc.com

gamecentertx.com

apriltoken.com

agalign.com

jointventurecoop.club

pengqianyue.tech

Targets

    • Target

      aa603a1e4874a19e331322ac204fdc615b9e2c8eff810336a9540d4c7c5d0d38

    • Size

      328KB

    • MD5

      23e421072b6ebe8b53fde252e6990340

    • SHA1

      9a9f0b8fc33435bb8c29c55ff261b88e8b96eafa

    • SHA256

      aa603a1e4874a19e331322ac204fdc615b9e2c8eff810336a9540d4c7c5d0d38

    • SHA512

      6a0ce5b2494eacdec720e107605f95c2058fe75f8a52d72783b8dbbc2d9072a694c9a0f9eec07afc8e441fe2a88237121a2784c3f92ab44b622fc5938dc4d468

    Score
    10/10
    formbookneshtag14spersistenceratspywarestealersuricatatrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Formbook Payload

      rat

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks