Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8958a368d1b240ea4aeec66e287dc6ff1047f6e322276c8b7234a2d64aca3b1

  • Size

    441KB

  • Sample

    221123-mz5tpsfe36

  • MD5

    14e083baad9e3fd99f589a54e963a279

  • SHA1

    beab175a43d54e90603608fc8c1d90c9b0af8aea

  • SHA256

    d8958a368d1b240ea4aeec66e287dc6ff1047f6e322276c8b7234a2d64aca3b1

  • SHA512

    45d47cae8118048ddaf0eec82d2f087710133e4645e81803f42a50c277bb94c201482343792f62d8667313908245a0aa95f242ce720e3bb206676015a59585b2

  • SSDEEP

    6144:iyEa0sZPLivhZvzkUIRkPQyTsd1X8nUZmIwsBbIqpViE2m+aqtCeswZurC:is4T7wk4bdB87wIqpViEEh9

Score
10/10
formbooksk19ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

    • Target

      d8958a368d1b240ea4aeec66e287dc6ff1047f6e322276c8b7234a2d64aca3b1

    • Size

      441KB

    • MD5

      14e083baad9e3fd99f589a54e963a279

    • SHA1

      beab175a43d54e90603608fc8c1d90c9b0af8aea

    • SHA256

      d8958a368d1b240ea4aeec66e287dc6ff1047f6e322276c8b7234a2d64aca3b1

    • SHA512

      45d47cae8118048ddaf0eec82d2f087710133e4645e81803f42a50c277bb94c201482343792f62d8667313908245a0aa95f242ce720e3bb206676015a59585b2

    • SSDEEP

      6144:iyEa0sZPLivhZvzkUIRkPQyTsd1X8nUZmIwsBbIqpViE2m+aqtCeswZurC:is4T7wk4bdB87wIqpViEEh9

    Score
    10/10
    formbooksk19ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks