Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2728b4a373b5fe9349f007facb3e2194f41b80ec41aa0eb87864bf81e7da0b8e

  • Size

    533KB

  • Sample

    221124-djtl3ada38

  • MD5

    e128315b2d2ffd6e1875157e2f73cf0f

  • SHA1

    0c33d30e0fe0deb22bc7bb9ebb149d2fb547210b

  • SHA256

    2728b4a373b5fe9349f007facb3e2194f41b80ec41aa0eb87864bf81e7da0b8e

  • SHA512

    cb60e487426c7a73e871d8b8f0296c5772d36c02e3fc461409ba739186112f962a3028f8b108d9c8f1789454e6072b2b58454d8b7342c879003b342c060398ce

  • SSDEEP

    12288:3AU8NBDoAfPPrhbNzuOhI7iXGbLulrTcsS:wU8wAfn1pN4ulrPS

Score
10/10
formbooksk19ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sk19

Decoy

21diasdegratitud.com

kx1993.com

chasergt.com

837news.com

naturagent.co.uk

gatorinsurtech.com

iyaboolashilesblog.africa

jamtanganmurah.online

gguminsa.com

lilliesdrop.com

lenvera.com

link48.co.uk

azinos777.fun

lgcdct.cfd

bg-gobtc.com

livecarrer.uk

cbq4u.com

imalreadygone.com

wabeng.africa

jxmheiyouyuetot.tokyo

Targets

    • Target

      2728b4a373b5fe9349f007facb3e2194f41b80ec41aa0eb87864bf81e7da0b8e

    • Size

      533KB

    • MD5

      e128315b2d2ffd6e1875157e2f73cf0f

    • SHA1

      0c33d30e0fe0deb22bc7bb9ebb149d2fb547210b

    • SHA256

      2728b4a373b5fe9349f007facb3e2194f41b80ec41aa0eb87864bf81e7da0b8e

    • SHA512

      cb60e487426c7a73e871d8b8f0296c5772d36c02e3fc461409ba739186112f962a3028f8b108d9c8f1789454e6072b2b58454d8b7342c879003b342c060398ce

    • SSDEEP

      12288:3AU8NBDoAfPPrhbNzuOhI7iXGbLulrTcsS:wU8wAfn1pN4ulrPS

    Score
    10/10
    formbooksk19ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks