General

  • Target

    Swift Copy.exe

  • Size

    49KB

  • Sample

    240515-hel4msdc6z

  • MD5

    fadef7ce43e9627a752d03a41e71ee41

  • SHA1

    f8a9907fdb73ca4b162b20a79d9384ab5277af31

  • SHA256

    80762425adc5f24b5c7be359dd4cb7c1c657bb21f0304dcb89eb6bd6d8d8e0da

  • SHA512

    764ddce479431043510647f95fb376be3b62bc7e6283173c9d7849130335a8daa2aad2b86e8a7693cd5c92c1b94e809cf1a0ec1ecbb2fb6c196d1764a0a9a081

  • SSDEEP

    768:P1YSqVwQ8rD6pSg12mkQu3MyoELiym7/FDFTNxIrgBjv5VQ6:PyeQkDxtcyJm7tk0jv5VJ

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sr62

Decoy

pizzaperol.com

brooklynlearningstudio.com

legendlearningacghy.net

xtlg3i19o7czkv4.buzz

outdoorsproducts.xyz

nissanthanhhoa.com

mtviewproservices.com

tichris.com

monopolygo.llc

engagemaxmail.com

supremeinsure.com

2018b7.com

tedxkarunyauniversity.com

vaishnaviyoga.in

goddessoffetish.com

dazewu.com

844385.autos

caluxio.com

restaurantlataberna.com

charlieahunter.com
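The hashes, campaign tag and decoy list above are only useful once they are matched against telemetry, and Formbook's domain list needs a caveat when doing so: the sample contacts its real C2 hidden among decoy domains, so a hit on one of these names is a lead to correlate with the file hash and injection telemetry, not proof that the domain itself is hostile. The following Python is an added example, not part of the sandbox report or of any Formbook tooling: it builds a matcher from the indicators on this page and runs it over file hashes, DNS queries and proxied URLs. The hash values and domains are copied from the report; the DNS log lines and URLs are constructed, and the assumption that the campaign tag `sr62` appears as the first path segment of the C2 URL (as in other Formbook samples) is labelled in the code.

```python
"""Added example, not part of the sandbox report or of any Formbook tooling: a small
matcher over the indicators above for file hashes, DNS logs and proxy logs. Hash values
and decoy domains are copied from the report; the log lines are constructed."""
from __future__ import annotations

from urllib.parse import urlsplit

# File hashes of Swift Copy.exe, copied from the report.
SAMPLE_HASHES = {
    "md5": "fadef7ce43e9627a752d03a41e71ee41",
    "sha1": "f8a9907fdb73ca4b162b20a79d9384ab5277af31",
    "sha256": "80762425adc5f24b5c7be359dd4cb7c1c657bb21f0304dcb89eb6bd6d8d8e0da",
}

# Campaign tag from the extracted config. Assumption: as in other Formbook samples it is
# the first path segment of the C2 URL (GET /sr62/?...); the report itself shows no URL.
CAMPAIGN = "sr62"

# All domains from the "Decoy" list. Formbook hides its real C2 among decoys, so a hit
# is a lead to correlate with the hash and SetThreadContext telemetry, not proof by itself.
DECOY_DOMAINS = [
    "pizzaperol.com", "brooklynlearningstudio.com", "legendlearningacghy.net",
    "xtlg3i19o7czkv4.buzz", "outdoorsproducts.xyz", "nissanthanhhoa.com",
    "mtviewproservices.com", "tichris.com", "monopolygo.llc",
    "engagemaxmail.com", "supremeinsure.com", "2018b7.com",
    "tedxkarunyauniversity.com", "vaishnaviyoga.in", "goddessoffetish.com",
    "dazewu.com", "844385.autos", "caluxio.com", "restaurantlataberna.com",
    "charlieahunter.com",
]


def match_hash(digest: str) -> str | None:
    """Return the algorithm name if `digest` (any case, stray whitespace) is a sample hash."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if d == known:
            return algo
    return None


def normalize_domain(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot of a fully qualified form."""
    return name.strip().rstrip(".").lower()


def matched_decoy(query_name: str) -> str | None:
    """Return the decoy domain that `query_name` equals or is a subdomain of.
    The suffix match requires a dot boundary, so notpizzaperol.com is not a hit."""
    q = normalize_domain(query_name)
    for domain in DECOY_DOMAINS:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


def scan_dns_log(text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, host, decoy) for each line of the constructed
    "<timestamp> <host> <query name>" format whose query hits a decoy domain."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or truncated line: skip instead of crashing
        domain = matched_decoy(parts[2])
        if domain:
            hits.append((parts[0], parts[1], domain))
    return hits


def classify_url(url: str) -> str | None:
    """Return "c2-beacon" for a decoy-domain URL whose first path segment is the campaign
    tag, "decoy-domain" for any other request to a decoy domain, None otherwise."""
    parts = urlsplit(url)
    domain = matched_decoy(parts.hostname or "")
    if domain is None:
        return None
    first_segment = parts.path.strip("/").split("/")[0]
    return "c2-beacon" if first_segment == CAMPAIGN else "decoy-domain"


# Constructed DNS log excerpt, not output of the sandbox run.
SAMPLE_DNS_LOG = """\
2024-05-15T10:41:02Z WS-0417 www.pizzaperol.com
2024-05-15T10:41:05Z WS-0417 update.microsoft.com
2024-05-15T10:41:09Z WS-0417 xtlg3i19o7czkv4.buzz.
2024-05-15T10:41:15Z WS-0223 notpizzaperol.com
2024-05-15T10:41:20Z WS-0417 2018B7.COM
"""
```

Running `scan_dns_log(SAMPLE_DNS_LOG)` flags the first, third and fifth lines (subdomain, trailing-dot FQDN and upper-case query all normalise to a listed domain) and ignores `notpizzaperol.com`, which shares a suffix but not a label boundary. `classify_url("http://www.pizzaperol.com/sr62/?h9=AbCd&gR=1234")` returns `"c2-beacon"` only because of the assumed campaign-path shape; a request to a decoy domain with any other path is reported as `"decoy-domain"` and should be triaged together with the host's hash and process-injection telemetry before any of these domains, several of which are ordinary businesses, is blocked outright.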

Targets

    • Target

      Swift Copy.exe

    • Detect ZGRat V1

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service; it captures keystrokes, clipboard contents and form data submitted from browsers and other applications, and exfiltrates them to its C2 over HTTP.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Formbook payload

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the usual final step of process hollowing: after the payload has been written into a suspended process, the injector rewrites that thread's context so it resumes at the payload's entry point.
