Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366

  • Size

    598KB

  • Sample

    230808-htfkeacf4z

  • MD5

    5a8637cc62a5884edc586b690d0bac10

  • SHA1

    33ff0da34d35ef8051d5c88641502ee7bf2f0333

  • SHA256

    54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366

  • SHA512

    818ea5ef21b7bb392cdd17bd9f0878cf1caa27d1d5a0e1fd8d05a22da73f3cf0859a97b0ad7ea0bc17ef8b83fba2eb93322b79a607676861abc308182db1764f

  • SSDEEP

    12288:BsniF9L2hCugpGy1Md/VmA01Z0/ROPRfxzIZp+kD/etaJedzY+GG:BsniKhjo1K/V01ZKRWPEX+K/jJed0+r

Score
10/10
formbookoi24ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oi24

Decoy

sorterexpo.com

50imty.xyz

biscotrucking.com

urawep.xyz

parthaviorganic.com

quali-con.com

wgimawmo.click

19829e.com

wendywardband.com

peraepin.com

wintercot.com

cqfvnzlk.click

furar.top

fcvorbww.click

gazetarendaextra.com

bakerstack.com

plant-nursery-boweco.com

30235p.com

sartensaludable.com

dalmatiangarden.com

Targets

    • Target

      54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366

    • Size

      598KB

    • MD5

      5a8637cc62a5884edc586b690d0bac10

    • SHA1

      33ff0da34d35ef8051d5c88641502ee7bf2f0333

    • SHA256

      54d08c079e162698607d24a232cc8b51ea0cecf8df1d6fefa27726041e2cd366

    • SHA512

      818ea5ef21b7bb392cdd17bd9f0878cf1caa27d1d5a0e1fd8d05a22da73f3cf0859a97b0ad7ea0bc17ef8b83fba2eb93322b79a607676861abc308182db1764f

    • SSDEEP

      12288:BsniF9L2hCugpGy1Md/VmA01Z0/ROPRfxzIZp+kD/etaJedzY+GG:BsniKhjo1K/V01ZKRWPEX+K/jJed0+r

    Score
    10/10
    formbookoi24ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks