General

  • Target

    fcb111870747765bbe1c5dfa321ddc77d97df0e3b99586438d35263d0dda584f

  • Size

    671KB

  • Sample

    230422-rngpysfc27

  • MD5

    a54ad18c2290a7ceffda55afc6e3b1f6

  • SHA1

    75368fe97e16281bde1381201da4ec27bf960261

  • SHA256

    fcb111870747765bbe1c5dfa321ddc77d97df0e3b99586438d35263d0dda584f

  • SHA512

    2246da541681de5752ccc3894bed57bf7b7a5d044d567b5ed3904133e32b7cf11ee75878fee904cb3f465b450df88759040f3bfc6e260a7503784c2a5e2fcfe7

  • SSDEEP

    12288:udU2iN6mto9bTvPCVV12xHOmkjY2kCEjn6MwqStWz:3103BxHOJjY22j6Mw

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    btrd

  • Decoy

    toulouse.gold
    launchyouglobal.com
    margarita-services.com
    dasnail.club
    casa-hilo.com
    hardscapesofflorida.com
    thepositivitypulse.com
    kkmyanev.cfd
    love6ace22.top
    castorcruise.com
    chch6.com
    h59f07jy.cfd
    saatvikteerthyatra.com
    fxsecuretrading-option.com
    mostbet-k1o.click
    36-m.beauty
    ko-or-a-news.com
    eurekatextile.com
    gynlkj.com
    deepsouthcraftsman.com

Targets

    • Target

      fcb111870747765bbe1c5dfa321ddc77d97df0e3b99586438d35263d0dda584f

    • Size

      671KB

    • MD5

      a54ad18c2290a7ceffda55afc6e3b1f6

    • SHA1

      75368fe97e16281bde1381201da4ec27bf960261

    • SHA256

      fcb111870747765bbe1c5dfa321ddc77d97df0e3b99586438d35263d0dda584f

    • SHA512

      2246da541681de5752ccc3894bed57bf7b7a5d044d567b5ed3904133e32b7cf11ee75878fee904cb3f465b450df88759040f3bfc6e260a7503784c2a5e2fcfe7

    • SSDEEP

      12288:udU2iN6mto9bTvPCVV12xHOmkjY2kCEjn6MwqStWz:3103BxHOJjY22j6Mw

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks