Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90

  • Size

    266KB

  • Sample

    221207-jkvteagc43

  • MD5

    f919de1034edc7b8a4a5a8aa8f0067dd

  • SHA1

    ce50421738d5fb3108fe147dfdea5733fb01e19e

  • SHA256

    81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90

  • SHA512

    946fafde24bf34a659d8df5bcd0db2ff3791b92c0fd36d96a9273436bbc75244cfb26cc9bf00d86370fc92d13d3e791905bc8f8fe97eb74e1ea3b556cd649b70

  • SSDEEP

    6144:MtXZXPanzcQUuLgsNG0BPspB4nAFmklJB:Mtsz5DLgsp5ngDlj

Score
10/10
formbookd06cdiscoveryratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d06c

Decoy

douglasdetoledopiza.com

yxcc.online

primo.llc

mediamomos.com

cosmetiq-pro.com

22labs.tech

turbowashing.com

lindaivell.site

princess-bed.club

groundget.cfd

agretaminiousa.com

lomoni.com

nessesse.us

lexgo.cloud

halilsener.xyz

kirokubo.cloud

corotip.sbs

meghq.net

5y6s.world

weasib.online

Targets

    • Target

      81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90

    • Size

      266KB

    • MD5

      f919de1034edc7b8a4a5a8aa8f0067dd

    • SHA1

      ce50421738d5fb3108fe147dfdea5733fb01e19e

    • SHA256

      81ce31f6f3cd9a6a6037c411a1485bee35eaa93965fc6ccc2bd857c991fcad90

    • SHA512

      946fafde24bf34a659d8df5bcd0db2ff3791b92c0fd36d96a9273436bbc75244cfb26cc9bf00d86370fc92d13d3e791905bc8f8fe97eb74e1ea3b556cd649b70

    • SSDEEP

      6144:MtXZXPanzcQUuLgsNG0BPspB4nAFmklJB:Mtsz5DLgsp5ngDlj

    Score
    10/10
    formbookd06cdiscoveryratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks