formbook

General

Target

43c1fa37a457ffd874f0a9436454ebe0_JaffaCakes118
Size

822KB
Sample

240515-apf2dafh5z
MD5

43c1fa37a457ffd874f0a9436454ebe0
SHA1

ad1fd83082b611467ddc7ecccb00c5166514f3e0
SHA256

128d2cc43031cf39f048f0121ec0e822b0428afbab703b0a9457cca9fc8325d3
SHA512

6be7fe107fe6130f88853ce5e95779f53c8d5741958e7b24dae3768d3c2132ef3be4c943b7a4fcbd8b45fee00b1f71920e047687b33802646d556b11d373e195
SSDEEP

6144:/vpIKl0eyoPbDIC/rMlXSWOUN0LwGodiCj1DSdj/4KngWIq6jRkoQ6o://QqnIMrO70LBeSKKngWIjLBo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

dg1

Decoy

fcbarcelona.cloud

diadelosdoggos.com

zgyxmt.com

puntlanddna.online

ob58zzk99.biz

alvamd.com

fjgcf.info

liquormelbourne.com

essentialkratom.com

konbiniotakara.com

stressnomorebyalyssa.com

adoptiondossiers.com

3dprinted.gold

grandmasystems.com

17klxx.com

fstoptom.com

redd2801.com

wxibh1vx.biz

ahqiheng.com

607manbet.com

Targets

- Target
  
  43c1fa37a457ffd874f0a9436454ebe0_JaffaCakes118
- Size
  
  822KB
- MD5
  
  43c1fa37a457ffd874f0a9436454ebe0
- SHA1
  
  ad1fd83082b611467ddc7ecccb00c5166514f3e0
- SHA256
  
  128d2cc43031cf39f048f0121ec0e822b0428afbab703b0a9457cca9fc8325d3
- SHA512
  
  6be7fe107fe6130f88853ce5e95779f53c8d5741958e7b24dae3768d3c2132ef3be4c943b7a4fcbd8b45fee00b1f71920e047687b33802646d556b11d373e195
- SSDEEP
  
  6144:/vpIKl0eyoPbDIC/rMlXSWOUN0LwGodiCj1DSdj/4KngWIq6jRkoQ6o://QqnIMrO70LBeSKKngWIjLBo
Score

10^/10

zgrat rat formbook dg1 spyware stealer trojan
- Detect ZGRat V1
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2