Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5

  • Size

    336KB

  • Sample

    221208-nf5v2acg6s

  • MD5

    3b33c707e522fc9e706c62687387ddbc

  • SHA1

    d98eb37e12d6d7b03fd94933ab5f7dc445c67477

  • SHA256

    7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5

  • SHA512

    7591fdefeff5a11fea8726d784a62229de33378f54cd27841647c53983fca87f055e40f6743bd62d7bb0493bd11b4d3a4c19529f890d924f6872d804b19c8695

  • SSDEEP

    6144:9kwOU0Tna911TEwbdaqga1lpGC1xA67/jYUUEU6LrgJxet8ZJ8EGlu:Cf41y3ajpPA678UrU6LrgfeU8EGY

Score
10/10
formbookctapratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

ctap

Decoy

7fuiHU5O7pBugItrXtDlRbQzVNAypQ==

Ioe4Ezkvrkk5SljtGsXC

7SdYmzWqxYzoB10eYg==

87z12VKpqmy0nXHtGsXC

frPRoZR38nhTXl/tGsXC

JybcU3xwAWn21yEPd4XnKA==

B6LTKeV3SeQZAg==

9iFOJSEVtE+I6ea4tn6M72ANGm3K

bROuHdVCVl63QIZuI2etey+ugP0=

25FDh/Be3fhaReK+BwZm9aY+og==

ipYbazKawI7oB10eYg==

Y3ONgI2GHcStmm5WhEZCsE/GlNJovg==

NMjp1U2zzpPoB10eYg==

ZZOygHxoGkBxNTz1RnI=

Hy1dkswBcyQh

94qXZbB1+8ciD4Q=

JUhyQ8Fxl+4gBA==

7wuj4eTJFutgR7+k1R8mIA==

Nj3QJ1RBulY2AMS/1R8mIA==

LjFXk8zI5vgdq8N6ropiNA==

Targets

    • Target

      7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5

    • Size

      336KB

    • MD5

      3b33c707e522fc9e706c62687387ddbc

    • SHA1

      d98eb37e12d6d7b03fd94933ab5f7dc445c67477

    • SHA256

      7c0561d38ad8d30935cc4750ef54f86ae0e8fedd0858278b6a202cf9589ae4d5

    • SHA512

      7591fdefeff5a11fea8726d784a62229de33378f54cd27841647c53983fca87f055e40f6743bd62d7bb0493bd11b4d3a4c19529f890d924f6872d804b19c8695

    • SSDEEP

      6144:9kwOU0Tna911TEwbdaqga1lpGC1xA67/jYUUEU6LrgJxet8ZJ8EGlu:Cf41y3ajpPA678UrU6LrgfeU8EGY

    Score
    10/10
    formbookctapratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks