formbook

General

Target

26cc0c76595f1e82f6be57f44a7c6232_JaffaCakes118
Size

821KB
Sample

240508-z7kjysaf32
MD5

26cc0c76595f1e82f6be57f44a7c6232
SHA1

0d58b9a7feb0c43aa20907707ce81ebfd21f21a6
SHA256

4275b2dbfe9de1028660a52bae61fc22d560abf0a96d9bf8079b319e8f610973
SHA512

be9cc0efe3433a9d8320df49385a699e5df713cfe83008267ba76e334e35058ca7e4aeeda83ae178a62f9fd46e9adfc57cbbc7c1f0e35d5f258a18f4bcb72e4e
SSDEEP

6144:v3fINvQlQQbSLXdB8usErKQEDCYwIjtSdj/4KngWIq6jRkO:vPINvWQQV+mDCY5SKKngWIj

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

dg1

Decoy

fcbarcelona.cloud

diadelosdoggos.com

zgyxmt.com

puntlanddna.online

ob58zzk99.biz

alvamd.com

fjgcf.info

liquormelbourne.com

essentialkratom.com

konbiniotakara.com

stressnomorebyalyssa.com

adoptiondossiers.com

3dprinted.gold

grandmasystems.com

17klxx.com

fstoptom.com

redd2801.com

wxibh1vx.biz

ahqiheng.com

607manbet.com

Targets

- Target
  
  26cc0c76595f1e82f6be57f44a7c6232_JaffaCakes118
- Size
  
  821KB
- MD5
  
  26cc0c76595f1e82f6be57f44a7c6232
- SHA1
  
  0d58b9a7feb0c43aa20907707ce81ebfd21f21a6
- SHA256
  
  4275b2dbfe9de1028660a52bae61fc22d560abf0a96d9bf8079b319e8f610973
- SHA512
  
  be9cc0efe3433a9d8320df49385a699e5df713cfe83008267ba76e334e35058ca7e4aeeda83ae178a62f9fd46e9adfc57cbbc7c1f0e35d5f258a18f4bcb72e4e
- SSDEEP
  
  6144:v3fINvQlQQbSLXdB8usErKQEDCYwIjtSdj/4KngWIq6jRkO:vPINvWQQV+mDCY5SKKngWIj
Score

10^/10

formbook zgrat dg1 rat spyware stealer trojan
- Detect ZGRat V1
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2