formbook | 22dcbd98f140f60b488ee8413a8a16b7d1d99b22ded2e82f5aad36cf454384a2 | Triage

Submit
Reports

Overview

overview

Static

static

3

773c45a83d...ef.exe

windows7-x64

773c45a83d...ef.exe

windows10-2004-x64

Resubmissions

29-02-2024 00:20

240229-amtjpagh9w 10

29-02-2024 00:09

240229-affdgsgg7x 10

Sharing

General

Target

773c45a83df52922475f0f15663704ef.exe
Size

788KB
Sample

240229-affdgsgg7x
MD5

773c45a83df52922475f0f15663704ef
SHA1

316606979bf8723168aaf01167a6519940961a80
SHA256

22dcbd98f140f60b488ee8413a8a16b7d1d99b22ded2e82f5aad36cf454384a2
SHA512

1fd814924fe45b4febeca118a1050f0c5eb783829b9c951756b08372f9b4e0b69c7c922ccec8e71941c25cd3f92d8a768a1d7fbccba60276de970dd35e91007d
SSDEEP

12288:PL11KynUvtx+49/9m6rYOH7Gf1cqrBkS45Uuj6t7HAGCOHa:zPKynUn+49/9mhObGuqP45Uc8HAfS

Score

10^/10

formbook zgrat m82 rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

773c45a83df52922475f0f15663704ef.exe

Resource

win7-20240221-en

formbook zgrat m82 rat spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

773c45a83df52922475f0f15663704ef.exe

Resource

win10v2004-20240226-en

formbook zgrat m82 rat spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

power-bank.co.uk

kickskaart.com

baumanbilliardsnv.com

bestcp.net

doghospitalnearme.com

mixano.africa

helarybaber.online

illubio.com

ciutas.com

ldpr33.ru

killtheblacks.com

cassino-portugal.com

danhaii.com

gvtowingservice.com

let-travel.africa

dental-implants-67128.com

facetaxi.xyz

ctjh9u8e.vip

kyosaiohruri.com

executivepresencetrainer.com

greatharmony.africa

feelingsarereal.com

devopsuday.club

happiestminds-udemy.com

fittingstands.com

happyhousegarment.com

24daysofheaven.com

herhustlenation.com

xn--oy2b27nt6b.net

hothotcogixem.online

hausmeisterservice-berlin.net

hjddbb.com

stoutfamilychiro.com

bookishthoughtsbychristy.com

gibellinaheartquake.com

8cf1utrb6.xyz

patrick-daggitt.com

ebcbank.net

angel909reviews.com

arcteryxsouthafricaonline.com

cutematvhy.com

art2z.com

bulkforeverstamps.com

heatbling.com

despachocontablequinsa.com

Targets

- Target
  
  773c45a83df52922475f0f15663704ef.exe
- Size
  
  788KB
- MD5
  
  773c45a83df52922475f0f15663704ef
- SHA1
  
  316606979bf8723168aaf01167a6519940961a80
- SHA256
  
  22dcbd98f140f60b488ee8413a8a16b7d1d99b22ded2e82f5aad36cf454384a2
- SHA512
  
  1fd814924fe45b4febeca118a1050f0c5eb783829b9c951756b08372f9b4e0b69c7c922ccec8e71941c25cd3f92d8a768a1d7fbccba60276de970dd35e91007d
- SSDEEP
  
  12288:PL11KynUvtx+49/9m6rYOH7Gf1cqrBkS45Uuj6t7HAGCOHa:zPKynUn+49/9mhObGuqP45Uc8HAfS
Score

10^/10

formbook zgrat m82 rat spyware stealer trojan
- Detect ZGRat V1
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookzgratm82ratspywarestealertrojan

behavioral2

formbookzgratm82ratspywarestealertrojan

© 2018-2024

Terms | Privacy