General

  • Target

    6cf3867c4338df6b7597f7a3cbaaff84d78bbe78527e7f328038d74c0c36ed0c

  • Size

    843KB

  • Sample

    220919-kvnnhshcf9

  • MD5

    a7b0e11ac60d6ebcebe73639758f6450

  • SHA1

    61f1b3d57d4c06e0b1da103f169a1fda54d90259

  • SHA256

    6cf3867c4338df6b7597f7a3cbaaff84d78bbe78527e7f328038d74c0c36ed0c

  • SHA512

    8a15d57c20fcd81f53840e2448beb301c73a1eb895ac004f31cb42f8748185c21be9067a906f3271582d9e98f180a98164634d3fd3d6eb1b59e2fdd5cadbc95e

  • SSDEEP

    12288:zHu7gt4eS5S5HEW7OFhD6aZkxyvgc6TZleDhs87wa3:L0S5uhukTvxsHei87h
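Before spending time on a report, confirm that the file on your bench is the file the report describes. The script below, an added example that is not part of the original page or of the sandbox's tooling, recomputes the four digests listed above and compares them, and also splits the SSDEEP signature into its block size and the two chunk hashes so the block size can be sanity-checked (ssdeep block sizes are always 3 * 2**n). The constant values are copied from this page; the path passed on the command line is whatever local copy you hold.

```python
import hashlib
import re
import sys

# Digests exactly as listed in the General section of this report.
REPORT_HASHES = {
    "md5": "a7b0e11ac60d6ebcebe73639758f6450",
    "sha1": "61f1b3d57d4c06e0b1da103f169a1fda54d90259",
    "sha256": "6cf3867c4338df6b7597f7a3cbaaff84d78bbe78527e7f328038d74c0c36ed0c",
    "sha512": "8a15d57c20fcd81f53840e2448beb301c73a1eb895ac004f31cb42f8748185c21be9067a906f3271582d9e98f180a98164634d3fd3d6eb1b59e2fdd5cadbc95e",
}
REPORT_SSDEEP = "12288:zHu7gt4eS5S5HEW7OFhD6aZkxyvgc6TZleDhs87wa3:L0S5uhukTvxsHei87h"


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify(data: bytes, expected: dict) -> list:
    """Return the sorted names of digests that do NOT match `expected`.
    An empty list means every listed digest agrees, i.e. these are the reported bytes."""
    actual = hashes_of(data)
    return sorted(name for name, digest in expected.items() if actual[name] != digest.lower())


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature into (blocksize, chunk_hash, double_chunk_hash).
    The second hash is computed with twice the block size of the first, which is
    what lets ssdeep compare files whose sizes differ by up to a factor of two.
    Block sizes are 3 * 2**n, so anything else means a mangled signature."""
    m = re.fullmatch(r"(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)", sig)
    if not m:
        raise ValueError("not an ssdeep signature: %r" % sig)
    blocksize = int(m.group(1))
    third = blocksize // 3
    if blocksize % 3 != 0 or third == 0 or third & (third - 1) != 0:
        raise ValueError("ssdeep block size must be 3 * 2**n, got %d" % blocksize)
    return blocksize, m.group(2), m.group(3)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path to local copy of the sample>
    with open(sys.argv[1], "rb") as f:
        data = f.read()
    bad = verify(data, REPORT_HASHES)
    print("all digests match the report" if not bad else "MISMATCH on: " + ", ".join(bad))
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
```

A mismatch on any one algorithm while the others agree is itself a finding worth recording, since it means either the report or your copy has been altered.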

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ag94

Decoy

rexperfume.com

nguyens.site

jdzdzx.com

ashleybofficial.com

rc986.com

zenritusen-mania.com

cesarortizescritor.com

batchhousetapas.co.uk

aprendoenperu.com

nutricialia.online

astertion.top

gshhmy.com

veganrebels.uk

verification-regionsbank.com

perfectigirls.top

thisiskay.com

ftpbook.com

yzshwurp.top

thedigitalzenith.com

t-mobilesettlemet.com
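Formbook's embedded config places its real C2 among a list of decoy hosts that the bot also contacts, which is why the sandbox labels the extracted domains above "Decoy" and why this page shows no C2 field at all. Treat the list as a hunting indicator, not a blocklist: some entries are ordinary sites and some look like lookalike names, and a single lookup of one of them proves little. The script below is an added example, not code from the page or the sandbox: it scans a constructed DNS query log for these domains (exact or subdomain, case-insensitive, trailing dot tolerated) and then counts distinct decoys per client, because one host resolving several unrelated decoys in a short window is the pattern a cycling Formbook bot produces. The log format and IP addresses are invented for the example.

```python
# Decoy hosts exactly as the extracted config on this page lists them.
DECOY_DOMAINS = frozenset([
    "rexperfume.com", "nguyens.site", "jdzdzx.com", "ashleybofficial.com",
    "rc986.com", "zenritusen-mania.com", "cesarortizescritor.com",
    "batchhousetapas.co.uk", "aprendoenperu.com", "nutricialia.online",
    "astertion.top", "gshhmy.com", "veganrebels.uk", "verification-regionsbank.com",
    "perfectigirls.top", "thisiskay.com", "ftpbook.com", "yzshwurp.top",
    "thedigitalzenith.com", "t-mobilesettlemet.com",
])

# Constructed DNS query log (not real traffic): timestamp, client IP, record type, qname.
SAMPLE_LOG = """\
2022-09-19T10:02:11Z 10.0.0.7 A rexperfume.com
2022-09-19T10:02:12Z 10.0.0.7 A www.google.com
2022-09-19T10:02:13Z 10.0.0.7 A mail.nguyens.site
2022-09-19T10:02:14Z 10.0.0.7 A notrexperfume.com
2022-09-19T10:02:15Z 10.0.0.9 AAAA T-Mobilesettlemet.com.
"""


def matching_decoy(qname: str, decoys=DECOY_DOMAINS):
    """Return the decoy domain that qname equals or is a subdomain of, else None.
    Matching walks label boundaries, so 'notrexperfume.com' does not hit
    'rexperfume.com' the way a naive endswith() check would."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in decoys:
            return candidate
    return None


def find_decoy_lookups(log_text: str) -> list:
    """Return (timestamp, client, qname, decoy) for every log line whose qname hits the list."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at the fields
        ts, client, _rtype, qname = parts
        decoy = matching_decoy(qname)
        if decoy:
            hits.append((ts, client, qname, decoy))
    return hits


def clients_by_distinct_decoys(hits: list) -> dict:
    """Map each client to the number of distinct decoy domains it resolved.
    Several distinct decoys from one host is the signal worth escalating;
    a single hit on a domain that is also a legitimate site is not."""
    per_client = {}
    for _ts, client, _qname, decoy in hits:
        per_client.setdefault(client, set()).add(decoy)
    return {client: len(domains) for client, domains in per_client.items()}


if __name__ == "__main__":
    hits = find_decoy_lookups(SAMPLE_LOG)
    for ts, client, qname, decoy in hits:
        print(ts, client, qname, "->", decoy)
    print("distinct decoys per client:", clients_by_distinct_decoys(hits))
```

When a host does light up on several decoys, pivot to process telemetry on that host rather than to the domains: the lookups come from the injected process, and the same process will also be talking to the real C2 that this page does not list.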

Targets

    • Target

      6cf3867c4338df6b7597f7a3cbaaff84d78bbe78527e7f328038d74c0c36ed0c

    • Formbook

      Formbook is an information-stealing malware family: it grabs credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and sends the harvested data to its command-and-control server.

    • Formbook payload

    • Suspicious use of SetThreadContext (rewriting a thread's register state, the step that process hollowing and thread hijacking use to redirect execution into injected code)
