General

  • Target

    Swift Copy.zip

  • Size

    25KB

  • Sample

    240515-hsm8vsec54

  • MD5

    526494543d8c40e17833f9b1356c0881

  • SHA1

    ccc1e42780e5de0cca379d2bc2c427ae09d71a85

  • SHA256

    7bd15d1373432664a9bec73add2f5f810f7aa4ba1e3b5b4d0886b681fe50dc03

  • SHA512

    a43aa9a56cba19158c8869c738fc8c4ad885b3bc1e44330dba394559287939f7e433ae265cb1f0636bc3d03b9299e1f2ba028e4b1fc299d56948eed352910abf

  • SSDEEP

    768:+tyk5FWuC5IiSdTkbux1tqoLUzMZsh8M20BXvDotCNv6o:+tldiSBkbufLSH2astCNv6o

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    sr62

  • Decoy


Targets

    • Target

      Swift Copy.exe

    • Size

      49KB

    • MD5

      fadef7ce43e9627a752d03a41e71ee41

    • SHA1

      f8a9907fdb73ca4b162b20a79d9384ab5277af31

    • SHA256

      80762425adc5f24b5c7be359dd4cb7c1c657bb21f0304dcb89eb6bd6d8d8e0da

    • SHA512

      764ddce479431043510647f95fb376be3b62bc7e6283173c9d7849130335a8daa2aad2b86e8a7693cd5c92c1b94e809cf1a0ec1ecbb2fb6c196d1764a0a9a081

    • SSDEEP

      768:P1YSqVwQ8rD6pSg12mkQu3MyoELiym7/FDFTNxIrgBjv5VQ6:PyeQkDxtcyJm7tk0jv5VJ

    • Detect ZGRat V1

    • Formbook

      Formbook is a data-stealing malware family.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks