General

  • Target

    c5066450d674e2d7729d0acb5d3b571c948064c68bf82efc27497b56ddfb562d

  • Size

    732KB

  • Sample

    221206-p5manaad45

  • MD5

    3374b87be5da25a09046d0b59ccc34c7

  • SHA1

    4bef0bfa8de1d50a3804f3af6394673fbe2cf81a

  • SHA256

    c5066450d674e2d7729d0acb5d3b571c948064c68bf82efc27497b56ddfb562d

  • SHA512

    92cca738e000d7bef12847babfea8e14b5f2b5122d208236ed1ec9d1ede984a91620371fbb5d7bd60d11c4477140e4afc5e9b068d8ae63b87915364445f988b5

  • SSDEEP

    12288:jwluhmomPZefCJBhaDUA7UAQ1PSxbUYW+DceP2NObN4VEsjJGPtqvyuv/m:eomxiiBhaDUAFQ1qazU5uUXvQF3m

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) – T1053

  • Persistence: Scheduled Task (1) – T1053

  • Privilege Escalation: Scheduled Task (1) – T1053

  • Discovery: Query Registry (1) – T1012; System Information Discovery (2) – T1082

Tasks