formbook

General

Target

14e47d86364381ba663a9d652b70936d_JaffaCakes118
Size

802KB
Sample

240504-24magsef4w
MD5

14e47d86364381ba663a9d652b70936d
SHA1

fc2bd392eac2de5fb3b79fdaf8c68cee3930c848
SHA256

65d7fc0bba6176b4d9e081fb04be4ceb3ae759dd7589aedcf46b2482663d6aca
SHA512

76a20478c13a12a8f9babe7557fdee4a270ad8287d47decd41e13eb4b024ff9203304afa4431f29cf2d7edf7d73f36af887d93e50b27d62bd17ac265a780902b
SSDEEP

12288:CGCCdvAft7X7rjy8U82vkLnfOOiml1bZ:CGdKfXyq2vk1ie

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

dg1

Decoy

pilatesmania.life

5bcoin.com

ammowillcall.com

quickwinz.market

terigele.com

sohotoken.com

tielingwww.site

lz2b3.info

norisc.com

digitalkonsultan.com

925manbetx.com

laricipark.com

quantum7nutrition.com

xceedcg.com

hanagel.com

cane91.download

iotadocker.com

brackenupholstery.com

erfolg-sichern.online

bihuorg.com

Targets

- Target
  
  14e47d86364381ba663a9d652b70936d_JaffaCakes118
- Size
  
  802KB
- MD5
  
  14e47d86364381ba663a9d652b70936d
- SHA1
  
  fc2bd392eac2de5fb3b79fdaf8c68cee3930c848
- SHA256
  
  65d7fc0bba6176b4d9e081fb04be4ceb3ae759dd7589aedcf46b2482663d6aca
- SHA512
  
  76a20478c13a12a8f9babe7557fdee4a270ad8287d47decd41e13eb4b024ff9203304afa4431f29cf2d7edf7d73f36af887d93e50b27d62bd17ac265a780902b
- SSDEEP
  
  12288:CGCCdvAft7X7rjy8U82vkLnfOOiml1bZ:CGdKfXyq2vk1ie
Score

10^/10

formbook zgrat dg1 agilenet rat spyware stealer trojan
- Detect ZGRat V1
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Formbook payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2