General
-
Target
3e6cb6a5af5ecb01dbd56fe6c33a22ea_JaffaCakes118
-
Size
440KB
-
Sample
240513-jkz35afh67
-
MD5
3e6cb6a5af5ecb01dbd56fe6c33a22ea
-
SHA1
e3404f90c9e5599d32707ea9ec2cf28b425ca09d
-
SHA256
a84082ae91276ae65520f597253a8b7c1d0756bd0818ba4f50a986b716fa356a
-
SHA512
2a2b8eb22b46fb3e527cf0ac73d419da4d45f09f15e8b74b3d0a5b7640e7a26da8bb1b409984975c40d6a0936b4bb11ad0aef510c6b4ccc2f40ba6938f25659b
-
SSDEEP
6144:4Ik+g+ykKrPe+SNbvEMdJJ+iYieQi2COv8XmTjkLm8nfsxF7wjimU9:4P9BDSNb9+iYZQD82vkLnfOOim
Malware Config
Extracted
formbook
3.8
h318
peertopeerleasing.com
asiatrianda.com
kingcredit2015.com
louzanabayas.info
winstoncabinets.com
6thcenter.com
bidrooom.com
artanova-horst.com
sssav13131.com
gurunanak.site
dondizitextile.com
srooapc.com
brandolphia.com
guild9gaming.com
opusalloysshireinquiry.com
ivsicongress2019.info
botgiatzeo.com
2sstoreusa.com
smkinc.net
ebook-discount.com
Targets
-
-
Target
3e6cb6a5af5ecb01dbd56fe6c33a22ea_JaffaCakes118
-
Size
440KB
-
MD5
3e6cb6a5af5ecb01dbd56fe6c33a22ea
-
SHA1
e3404f90c9e5599d32707ea9ec2cf28b425ca09d
-
SHA256
a84082ae91276ae65520f597253a8b7c1d0756bd0818ba4f50a986b716fa356a
-
SHA512
2a2b8eb22b46fb3e527cf0ac73d419da4d45f09f15e8b74b3d0a5b7640e7a26da8bb1b409984975c40d6a0936b4bb11ad0aef510c6b4ccc2f40ba6938f25659b
-
SSDEEP
6144:4Ik+g+ykKrPe+SNbvEMdJJ+iYieQi2COv8XmTjkLm8nfsxF7wjimU9:4P9BDSNb9+iYZQD82vkLnfOOim
Score10/10-
Detect ZGRat V1
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Formbook payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-