Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb

  • Size

    225KB

  • Sample

    221206-r68w6abd2s

  • MD5

    fc978e8e9d20edf8f2a0c4b157fe1920

  • SHA1

    85dee7df3f6c544117cde35c89d058856fa5f559

  • SHA256

    99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb

  • SHA512

    a6796ffb98031e85d7916f40eca661e2bdc7f76b5f29bed8d818420a1a060acf801c965cc347181c81e5458e72751d4c7e464aa4dd2ba4f7f10ca3d13650ec25

  • SSDEEP

    6144:QBn14Fe6S294SbWAClQO5WkuJ9rkKwT/ZUyeok:g4Fe69IQO5+3krFw

Score
10/10
formbookhenzratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

henz

Decoy

IxWMb+jVsoinShuZJzk=

TPfKgQZ//oGnKr/J

EsK0WxD5kY65XOW1Td/5CxSUpCUytR7M

KebSmiCP9p8yUw==

HAt/ljkEuqMLHOLCi53Pv8MKX9qk

CY4ogZTwJc4vSw==

WWDIx5UYUDyepntE0YIAPca3/rI=

+Pkr01Lfb2rME7bL

S5nyK0p8jS2xdwQ=

W/oqvlO57LfkLcLHnQ==

zrrwtqkTLwxulm4l8FGopw==

AqucYext8bzFbOKthIm8E6gfVkUHxKY=

OfnjeDs78+RTcz4OHRl+

XKf1wwpZR5hLLjHgmUGOpQ==

JMyhSLoJPTCwn5o9zX2d8i1+

Wk54MBsDhWSVbnIRkQ==

7aaYR/tOhh9piTw5/KHSRwuK2iqgafw7pQ==

hH/EYxN+jC2xdwQ=

S0F4ORqDjS2xdwQ=

0o/UwXnuJ+sJp0cOHRl+

Targets

    • Target

      99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb

    • Size

      225KB

    • MD5

      fc978e8e9d20edf8f2a0c4b157fe1920

    • SHA1

      85dee7df3f6c544117cde35c89d058856fa5f559

    • SHA256

      99c56c4551be01e229f63d5159d90f28c0b3fc18e7beae133aeea99a07f7feeb

    • SHA512

      a6796ffb98031e85d7916f40eca661e2bdc7f76b5f29bed8d818420a1a060acf801c965cc347181c81e5458e72751d4c7e464aa4dd2ba4f7f10ca3d13650ec25

    • SSDEEP

      6144:QBn14Fe6S294SbWAClQO5WkuJ9rkKwT/ZUyeok:g4Fe69IQO5+3krFw

    Score
    10/10
    formbookhenzratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks