Extracted

• • Target

    PE20-RQ- 1638.xlsx

  • Size

    2.2MB

  • MD5

    1d7daf2897ad1665ff54f39843b990be

  • SHA1

    3707185bbceb5b1503e1f93f2f52b7d0da94a6ab

  • SHA256

    412f59a07a0c57e7ac7df3da036ad28aaebf10f546cef0003307696e10e581d4

  • SHA512

    cf42249819e060938dc42a08965d8337c3cabe00cd58fb0d8619e6191ebecfd53863fd3dfa665d01031fc868a7fb93bd82345658c299890bb0d39e00e76cea03

  Score

  10^/10

  formbookratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook Payload

    rat

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2