General

  • Target

    4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14

  • Size

    1018KB

  • Sample

    230608-gnbtlacg72

  • MD5

    8f25fe4c31de1a795ca154d7dacad298

  • SHA1

    754e42ede6c7d66fee0c161538ba7f274b09c613

  • SHA256

    4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14

  • SHA512

    cf9dd4d770a70def7865431cb697e8b6b2ecd39bb73fd0835d72b16d5980c4fa802f2653587952c3d4e2426b55e4302b5f1611dd1f06f8c00bc132b0c45aa7d2

  • SSDEEP

    24576:ePLjh9E6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+:2jh3G32poHRS2tQuWikK9j
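
Before detonating, sharing or hunting with this report, confirm that the file in hand is really the sample it describes. The following is an added example (not part of the sandbox report): the expected digests are copied from the fields above, while the 1 KB size tolerance (the report only gives "1018KB") and the probe bytes at the bottom are constructed assumptions so it runs offline without the sample.

```python
"""Confirm that a local file is the sample this report describes.

Added example; not part of the sandbox report. Expected digests are copied
from the report. The size tolerance and the probe bytes are assumptions.
"""

import hashlib
import hmac
import io

REPORTED = {
    "size_kb": 1018,  # report says "1018KB" only, so size is checked to ~1 KB
    "hashes": {
        "md5": "8f25fe4c31de1a795ca154d7dacad298",
        "sha1": "754e42ede6c7d66fee0c161538ba7f274b09c613",
        "sha256": "4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14",
        "sha512": "cf9dd4d770a70def7865431cb697e8b6b2ecd39bb73fd0835d72b16d5980c4fa"
                  "802f2653587952c3d4e2426b55e4302b5f1611dd1f06f8c00bc132b0c45aa7d2",
    },
}


def digest_stream(fp, chunk_size=1 << 16):
    """Hash a file-like object in one pass with every algorithm the report lists.

    Returns (size_in_bytes, {algorithm: hexdigest}).
    """
    hashers = {name: hashlib.new(name) for name in REPORTED["hashes"]}
    size = 0
    while True:
        block = fp.read(chunk_size)
        if not block:
            break
        size += len(block)
        for h in hashers.values():
            h.update(block)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data."""
    return digest_stream(io.BytesIO(data))


def verify(fp, reported=REPORTED):
    """Return (ok, mismatches).

    ok is True only when every digest matches and the size is within 1 KB of
    the reported value (assumption: the report rounds the size to whole KB).
    Digests are compared with hmac.compare_digest out of habit; the values
    are public, so constant time is not essential here.
    """
    size, digests = digest_stream(fp)
    mismatches = [
        name for name, expected in reported["hashes"].items()
        if not hmac.compare_digest(digests[name], expected.lower())
    ]
    if abs(size / 1024 - reported["size_kb"]) > 1:
        mismatches.append("size")
    return not mismatches, mismatches


def verify_bytes(data, reported=REPORTED):
    """Convenience wrapper for in-memory data."""
    return verify(io.BytesIO(data), reported)


if __name__ == "__main__":
    # Constructed probe: a few bytes that are obviously not the 1018 KB sample.
    ok, bad = verify_bytes(b"not the formbook sample")
    print("match" if ok else f"NOT the reported sample, differs in: {bad}")
```

Run it against the real file with `verify(open(path, "rb"))`; any mismatch means the indicators and signatures below belong to a different object than the one you have.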

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

be03

Decoy

(The Formbook config embeds its real C2 among a list of decoy domains and the bot sends look-alike requests to the decoys as well, so treat this list as a hunting set rather than a verified C2 list; individual entries may be legitimate sites.)

caritahu.xyz

myranksoldier.com

belanjakaleng.shop

happytalentatwork.com

miscdot.net

k007i.fun

btq8.com

ae888te.top

pp81870.com

fitness-instructor.asia

gigamoonai.com

rajabt.online

wearerdio.store

kolapsgretel.cfd

pgp912.com

greenbayrfl.com

ledscroller.net

geposmet.xyz

w77738.com

dillgemme.cfd
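
Because Formbook beacons to its decoys as well as to the real C2, a single resolution of one of these domains is weak evidence, while one host resolving several of them within minutes is characteristic of the bot cycling through its list. The following is an added example of that hunt logic, not part of the sandbox report or of Formbook itself: the family, version, campaign and domain values are copied from the config above; the DNS log format, the log lines and the 10-minute / 3-domain thresholds are constructed assumptions.

```python
"""Hunt for Formbook beaconing in DNS logs using the extracted config domains.

Added example; not part of the sandbox report. Config values are copied from
the report; the log format, log lines and thresholds are assumptions.
"""

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Config as extracted by the sandbox (copied from the report).
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "be03",
    "domains": [
        "caritahu.xyz", "myranksoldier.com", "belanjakaleng.shop",
        "happytalentatwork.com", "miscdot.net", "k007i.fun", "btq8.com",
        "ae888te.top", "pp81870.com", "fitness-instructor.asia",
        "gigamoonai.com", "rajabt.online", "wearerdio.store",
        "kolapsgretel.cfd", "pgp912.com", "greenbayrfl.com",
        "ledscroller.net", "geposmet.xyz", "w77738.com", "dillgemme.cfd",
    ],
}

# Assumed log format (constructed): "<ISO timestamp> <client ip> query <qname>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")

# Constructed log lines: 10.0.0.5 cycles through five config domains in under
# a minute (bot-like); 10.0.0.9 touches two of them hours apart (ambiguous).
SAMPLE_DNS_LOG = """\
2023-06-08T09:00:01 10.0.0.5 query www.caritahu.xyz
2023-06-08T09:00:07 10.0.0.5 query myranksoldier.com
2023-06-08T09:00:13 10.0.0.5 query btq8.com
2023-06-08T09:00:19 10.0.0.5 query k007i.fun
2023-06-08T09:00:25 10.0.0.5 query ledscroller.net
2023-06-08T09:05:40 10.0.0.9 query greenbayrfl.com
2023-06-08T09:06:02 10.0.0.7 query updates.example.com
2023-06-08T13:30:00 10.0.0.9 query pgp912.com
""".splitlines()


def parse_dns_log(lines):
    """Yield (timestamp, client, qname) for lines in the assumed format."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["client"], m["qname"]


def domain_matches(qname, iocs):
    """Return the config domain that qname equals or is a subdomain of, else None."""
    qname = qname.rstrip(".").lower()
    for domain in iocs:
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None


def hunt(lines, iocs=tuple(FORMBOOK_CONFIG["domains"]),
         window=timedelta(minutes=10), min_distinct=3):
    """Split clients into strong and weak hits.

    A client resolving >= min_distinct distinct config domains inside `window`
    is a strong hit; clients with fewer or sparser hits are reported as weak,
    since any single domain may be a decoy. Returns (strong, weak), each a
    {client: sorted matched domains} mapping.
    """
    per_client = defaultdict(list)
    for ts, client, qname in parse_dns_log(lines):
        hit = domain_matches(qname, iocs)
        if hit:
            per_client[client].append((ts, hit))

    strong, weak = {}, {}
    for client, events in per_client.items():
        events.sort()
        flagged = set()
        for i, (start, _) in enumerate(events):
            in_window = {d for t, d in events[i:] if t - start <= window}
            if len(in_window) >= min_distinct:
                flagged |= in_window
        if flagged:
            strong[client] = sorted(flagged)
        else:
            weak[client] = sorted({d for _, d in events})
    return strong, weak


if __name__ == "__main__":
    strong_hits, weak_hits = hunt(SAMPLE_DNS_LOG)
    for client, domains in strong_hits.items():
        print(f"ALERT {client}: {len(domains)} config domains in window: {domains}")
    for client, domains in weak_hits.items():
        print(f"weak  {client}: {domains} (sparse hits, possibly a decoy)")
```

Tune `window` and `min_distinct` to your own telemetry; the point of the two tiers is that blocking or alerting on any one of these domains in isolation will produce false positives on whichever decoys are real sites.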

Targets

    • Target

      4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14

    • Formbook

      Formbook is an information stealer: it grabs credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and takes commands from its C2.

    • Formbook payload

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, a common way to detect a QEMU/KVM-based sandbox or VM before running the payload.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) set, so an attached debugger receives no events from it; an anti-analysis technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with ThreadHideFromDebugger (0x11) on an existing thread, detaching it from any debugger; an anti-analysis technique.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context. Legitimate in debuggers and runtimes, but also the step in process hollowing that points a suspended process's main thread at injected code.
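
The three thread-related signatures above can be reproduced from a sandbox API-call trace with a few rules. The following is an added example, not part of the sandbox report or of the sandbox's own signature set: the constants are the documented Windows values, while the trace schema (one dict per call with pid, api, args and an optional resolved target_pid or ret) and the trace contents are constructed. Since SetThreadContext on its own is not malicious, the hollowing rule only fires when it sits in the classic chain of a CREATE_SUSPENDED child that is written to, re-pointed and resumed; the report does not say how this sample uses it.

```python
"""Rule-match a sandbox API trace for thread hiding and process hollowing.

Added example; not part of the sandbox report. Constants are the documented
Windows values; the trace schema and contents are constructed assumptions.
"""

# ThreadInformationClass value that detaches a thread from any debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# NtCreateThreadEx CreateFlags bit with the same effect for a new thread.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4
# CreateProcess dwCreationFlags bit used to start a hollowing target.
CREATE_SUSPENDED = 0x4

# Constructed trace: pid 4000 hides a thread both ways, then starts
# explorer.exe suspended, overwrites it, re-points its main thread and
# resumes it (process hollowing).
SAMPLE_TRACE = [
    {"pid": 4000, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x11}},
    {"pid": 4000, "api": "NtCreateThreadEx",
     "args": {"ProcessHandle": -1, "CreateFlags": 0x4}},
    {"pid": 4000, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\explorer.exe", "dwCreationFlags": 0x4},
     "ret": {"dwProcessId": 4100, "dwThreadId": 4104}},
    {"pid": 4000, "api": "NtUnmapViewOfSection", "target_pid": 4100, "args": {}},
    {"pid": 4000, "api": "WriteProcessMemory", "target_pid": 4100,
     "args": {"lpBaseAddress": 0x400000, "nSize": 0x2A000}},
    {"pid": 4000, "api": "SetThreadContext", "target_pid": 4100,
     "args": {"hThread": 4104}},
    {"pid": 4000, "api": "ResumeThread", "target_pid": 4100,
     "args": {"hThread": 4104}},
]

# Constructed benign trace: a process changing its own thread priority
# (class 0x2) and setting the context of one of its own threads.
BENIGN_TRACE = [
    {"pid": 5000, "api": "NtSetInformationThread",
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x2}},
    {"pid": 5000, "api": "SetThreadContext", "target_pid": 5000,
     "args": {"hThread": 5004}},
    {"pid": 5000, "api": "ResumeThread", "target_pid": 5000,
     "args": {"hThread": 5004}},
]


def detect(trace):
    """Return a list of (rule, pid, detail) findings for the trace."""
    findings = []
    suspended = {}       # child pid -> creator pid, for CREATE_SUSPENDED children
    written = set()      # suspended children that received WriteProcessMemory
    context_set = set()  # suspended children whose thread context was rewritten
    for ev in trace:
        pid, api, args = ev["pid"], ev["api"], ev.get("args", {})
        target = ev.get("target_pid")
        if (api == "NtSetInformationThread"
                and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            findings.append(("hide_thread_from_debugger", pid,
                             "NtSetInformationThread(ThreadHideFromDebugger)"))
        elif (api == "NtCreateThreadEx"
                and args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
            findings.append(("hide_thread_from_debugger", pid,
                             "NtCreateThreadEx(THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER)"))
        elif (api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW")
                and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED):
            suspended[ev["ret"]["dwProcessId"]] = pid
        elif api == "WriteProcessMemory" and suspended.get(target) == pid:
            written.add(target)
        elif (api in ("SetThreadContext", "NtSetContextThread")
                and suspended.get(target) == pid and target != pid):
            context_set.add(target)
        elif (api in ("ResumeThread", "NtResumeThread")
                and target in written and target in context_set):
            findings.append(("process_hollowing", pid,
                             f"suspended child {target} overwritten, context set, resumed"))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_TRACE):
        print(f"{rule:26} pid={pid} {detail}")
    print("benign findings:", detect(BENIGN_TRACE))
```

Real traces report handles rather than pids, so a production version first resolves ThreadHandle/hProcess values through the trace's handle table; the rules themselves stay the same.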

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 2 signatures
