General
-
Target
4372c18fbe734ef31fffe8fbde52adda_JaffaCakes118
-
Size
355KB
-
Sample
240514-2x8vxadb96
-
MD5
4372c18fbe734ef31fffe8fbde52adda
-
SHA1
4b65e3ea741ba115088ffd0915e7f1963c4d91bc
-
SHA256
f5fa18d39f0b842d6a142a8c6da920bc494e880b5909b196fa68e7e6ffe4604c
-
SHA512
f906dfc4ae493b57c974770b1f2dc9d00a1c8a69e1e1eb625ef5eecc67fb385b1b68d4d0547d2aa6a195b4a6a4348a3919338d41511e9f83e9b243fd14e182d9
-
SSDEEP
6144:l9m82gw6NuqWzgETzScJHGfX80mzZPN/Wbt/jOXTTwhA4rdr:XKSuqWqcJmf8FxhWFjOXvkr
Malware Config
Extracted
formbook
3.9
po
toptravelbox.com
564manbetx.com
rainmakerfreedom.com
caobi954.com
vananhhandmade.com
reisengeniessen.net
milan000.com
opebet181.com
betshoppersparadise.com
zersenengineering.com
www4021166.com
itgifbhfhfg.online
wagertoken.com
casinomansions.net
gabiethiagomendes.com
com-services-secure-id.info
workdigitalmarketing.com
housesforcashpros.link
redsealdigital.com
hj1986.com
Targets
-
-
Target
4372c18fbe734ef31fffe8fbde52adda_JaffaCakes118
-
Size
355KB
-
MD5
4372c18fbe734ef31fffe8fbde52adda
-
SHA1
4b65e3ea741ba115088ffd0915e7f1963c4d91bc
-
SHA256
f5fa18d39f0b842d6a142a8c6da920bc494e880b5909b196fa68e7e6ffe4604c
-
SHA512
f906dfc4ae493b57c974770b1f2dc9d00a1c8a69e1e1eb625ef5eecc67fb385b1b68d4d0547d2aa6a195b4a6a4348a3919338d41511e9f83e9b243fd14e182d9
-
SSDEEP
6144:l9m82gw6NuqWzgETzScJHGfX80mzZPN/Wbt/jOXTTwhA4rdr:XKSuqWqcJmf8FxhWFjOXvkr
Score10/10-
Detect ZGRat V1
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Formbook payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-