formbook

General

Target

Swift Copy.zip
Size

25KB
Sample

240515-hsm8vsec54
MD5

526494543d8c40e17833f9b1356c0881
SHA1

ccc1e42780e5de0cca379d2bc2c427ae09d71a85
SHA256

7bd15d1373432664a9bec73add2f5f810f7aa4ba1e3b5b4d0886b681fe50dc03
SHA512

a43aa9a56cba19158c8869c738fc8c4ad885b3bc1e44330dba394559287939f7e433ae265cb1f0636bc3d03b9299e1f2ba028e4b1fc299d56948eed352910abf
SSDEEP

768:+tyk5FWuC5IiSdTkbux1tqoLUzMZsh8M20BXvDotCNv6o:+tldiSBkbufLSH2astCNv6o

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sr62

Decoy

pizzaperol.com

brooklynlearningstudio.com

legendlearningacghy.net

xtlg3i19o7czkv4.buzz

outdoorsproducts.xyz

nissanthanhhoa.com

mtviewproservices.com

tichris.com

monopolygo.llc

engagemaxmail.com

supremeinsure.com

2018b7.com

tedxkarunyauniversity.com

vaishnaviyoga.in

goddessoffetish.com

dazewu.com

844385.autos

caluxio.com

restaurantlataberna.com

charlieahunter.com

Targets

- Target
  
  Swift Copy.exe
- Size
  
  49KB
- MD5
  
  fadef7ce43e9627a752d03a41e71ee41
- SHA1
  
  f8a9907fdb73ca4b162b20a79d9384ab5277af31
- SHA256
  
  80762425adc5f24b5c7be359dd4cb7c1c657bb21f0304dcb89eb6bd6d8d8e0da
- SHA512
  
  764ddce479431043510647f95fb376be3b62bc7e6283173c9d7849130335a8daa2aad2b86e8a7693cd5c92c1b94e809cf1a0ec1ecbb2fb6c196d1764a0a9a081
- SSDEEP
  
  768:P1YSqVwQ8rD6pSg12mkQu3MyoELiym7/FDFTNxIrgBjv5VQ6:PyeQkDxtcyJm7tk0jv5VJ
Score

10^/10

formbook zgrat sr62 rat spyware stealer trojan
- Detect ZGRat V1
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2