formbook

General

Target

1f112904748a1369e6fe50dee8b00756_JaffaCakes118
Size

595KB
Sample

240507-cffelagd57
MD5

1f112904748a1369e6fe50dee8b00756
SHA1

00c42823f74ddf87db776d746eee3e5fd4f33b5e
SHA256

d5c67af1346fed0b4ef7106cdca4ed27c8a574bd0b4e01258d56eec76a8e2968
SHA512

5615882042bbd73bb85d763d23533027e9898d2b4c44965ec20f81f3f8404179701f283747887bccdcea0ee6165e98765159a7bbe779d6a283acc90a8c3bfc5c
SSDEEP

6144:u71StmT+sbAyX58ZPCVuif1StmT+sbAyX58ZPCVuiK4itpOc0FDBK1OKPiOM8zI9:C8yIy581Qv8yIy581Q64MZKwOK6v5k

Score

10^/10

formbook zgrat yo agilenet rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

yo

Decoy

creditformula.net

marketingwo.com

xn--w9q221mxha.com

mandanudes.com

dignity.exchange

outdooreveryday.com

legalandmedicaltranslations.com

grassrootsheals.com

voranado.com

thedayofficial.com

xn--6cs32cp56d.com

paketwisata.info

2b.church

konzerthausmuc.com

analytics-scanner.com

bodyperceptiontreatment.com

katyastan.com

ldede.win

eqy7g0.win

ewyurija.win

Targets

- Target
  
  1f112904748a1369e6fe50dee8b00756_JaffaCakes118
- Size
  
  595KB
- MD5
  
  1f112904748a1369e6fe50dee8b00756
- SHA1
  
  00c42823f74ddf87db776d746eee3e5fd4f33b5e
- SHA256
  
  d5c67af1346fed0b4ef7106cdca4ed27c8a574bd0b4e01258d56eec76a8e2968
- SHA512
  
  5615882042bbd73bb85d763d23533027e9898d2b4c44965ec20f81f3f8404179701f283747887bccdcea0ee6165e98765159a7bbe779d6a283acc90a8c3bfc5c
- SSDEEP
  
  6144:u71StmT+sbAyX58ZPCVuif1StmT+sbAyX58ZPCVuiK4itpOc0FDBK1OKPiOM8zI9:C8yIy581Qv8yIy581Q64MZKwOK6v5k
Score

10^/10

formbook zgrat yo agilenet rat spyware stealer trojan
- Detect ZGRat V1
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Formbook payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2