Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f

  • Size

    413KB

  • Sample

    221205-ylldpadg8t

  • MD5

    a2b43ba6d6a6af9f0fa07cab1a1ffd64

  • SHA1

    0d63ee2545439dff61486e040fb8d921bee79ae3

  • SHA256

    9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f

  • SHA512

    2a1105023880ae650ba67f2d657f3c0fe8c1a84c40a5a9ac5303f0c666226c454c40893f79073e816d14d873a3b583803934f9540a9ee7a604318affb1b427bb

  • SSDEEP

    6144:LBnmyK4O/ekC2y6gPWJ6OC4tp8k4Hg2Y5nkjtPPraKFMP4wzSl7dlP7O/9Dj:Q7e6gPPOCm8kSIsPWK2Ptzo7dpy

Score
10/10
formbook8rmtratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

8rmt

Decoy

3472cc.com

takecareyourhair.com

kontolajigasd21.xyz

daihaitrinh.net

syncmostlatestinfo-file.info

lovesolutionsastrologist.info

angelapryan.com

rio727casino.com

jjsgagets.com

devyatkina.online

thegoldenbeautyqatar.com

czytaj-unas24live.monster

timepoachers.com

gayxxxporn.site

72308.xyz

kristanolivo.com

hijrahfwd.com

bmfighters.com

alfamx.website

handfulofbabesbows.com

Targets

    • Target

      9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f

    • Size

      413KB

    • MD5

      a2b43ba6d6a6af9f0fa07cab1a1ffd64

    • SHA1

      0d63ee2545439dff61486e040fb8d921bee79ae3

    • SHA256

      9a67166c5a81302300022d5fcf029600356460fcf3ce82fa37db08b131a0459f

    • SHA512

      2a1105023880ae650ba67f2d657f3c0fe8c1a84c40a5a9ac5303f0c666226c454c40893f79073e816d14d873a3b583803934f9540a9ee7a604318affb1b427bb

    • SSDEEP

      6144:LBnmyK4O/ekC2y6gPWJ6OC4tp8k4Hg2Y5nkjtPPraKFMP4wzSl7dlP7O/9Dj:Q7e6gPPOCm8kSIsPWK2Ptzo7dpy

    Score
    10/10
    formbook8rmtratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks