General

  • Target

    d5eef3f65088246cc1e88428e3884c80fa0742745debb7125761c4a50eba4e2f

  • Size

    634KB

  • Sample

    230418-f9hctsbe31

  • MD5

    9a9d7df5bd452c3ff81b775958c31dcf

  • SHA1

    a26a7b941598ac2a8df788792dae11d9ee187809

  • SHA256

    d5eef3f65088246cc1e88428e3884c80fa0742745debb7125761c4a50eba4e2f

  • SHA512

    87e614dc34090ac170f4ae482994f8ed863badbbe793cc12a53258bace7e2415d4b361305de3297c4c19a39a8cfba1bd8ab7d81ca60479ac08a5f5886be29151

  • SSDEEP

    12288:GPGLGylTuduUeJUbFY0xc97xOhs6u/WsQqS7uL9KVq5J2Eg:GS7lTudMYa54u6u/WsQq7L4K7

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sd03

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
