Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48fcd109b51adcad58459318c092f4b6e8e5dcca682f9d60e1592e53dbb6174b

  • Size

    226KB

  • Sample

    221205-smg5rsef9z

  • MD5

    27b4c55d335f86868e234f8aa79ca058

  • SHA1

    1ecc8c5fefd7ad001b37078bd79d68f4331dc9ba

  • SHA256

    48fcd109b51adcad58459318c092f4b6e8e5dcca682f9d60e1592e53dbb6174b

  • SHA512

    e2c11d73be4c98dd7ddeab92898020e7bc2c9df16d99a4f2a54e4d5d5b3fbcb6c34c1869974fd43044535910756d058a761520a922dc0249ba93cfa963eec617

  • SSDEEP

    6144:QBn1XvXjPujhRD+dVfowhWJ2lBFlrggcZ:gfXjPyYVfoz0lnZKZ

Score
10/10
formbookf4caratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

f4ca

Decoy

omFHB5ajfJi1UEIEV9XcoRw=

UBjJkmQPyprdhcFF/bdCWQ==

evGKkBUj1je+otcfpw==

KgvGVeOATSt3nug0BIOm2JvOQycB

Lv6o3K0r9aSjI0lr9fg1txw=

LH1jJb/HieQpsEdqWCQTvX2PmsDVIeg=

99dte0XauJfk6Xv+uQxJFgA1gMktBA==

21FkkGB9gMniDQw2ffu6

r4lKBM/q6TZwVZfS

F+14qHeVWi56KdQ=

BgWXRsVoICMvvQ==

I+EozFl0Uy56KdQ=

xoXCgEllKEbWfjFCCLo=

qo9G1lXvvGt5GkxrLQWw

ORNlYic0PJ2ip4geEFSv

Yj+GFpvFxy0uVYx1fLI/XQ==

XL+veIKPjOTe4fjvFs+n

D2JKVAfuakXCAyoEvw==

voWJU81tH56wvt/vImbCcgVd

dVEcwFrmb8bZ4vXvFs+n

Targets

    • Target

      48fcd109b51adcad58459318c092f4b6e8e5dcca682f9d60e1592e53dbb6174b

    • Size

      226KB

    • MD5

      27b4c55d335f86868e234f8aa79ca058

    • SHA1

      1ecc8c5fefd7ad001b37078bd79d68f4331dc9ba

    • SHA256

      48fcd109b51adcad58459318c092f4b6e8e5dcca682f9d60e1592e53dbb6174b

    • SHA512

      e2c11d73be4c98dd7ddeab92898020e7bc2c9df16d99a4f2a54e4d5d5b3fbcb6c34c1869974fd43044535910756d058a761520a922dc0249ba93cfa963eec617

    • SSDEEP

      6144:QBn1XvXjPujhRD+dVfowhWJ2lBFlrggcZ:gfXjPyYVfoz0lnZKZ

    Score
    10/10
    formbookf4caratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks