Extracted

• • Target

    ETD101210182 HBL.xlsx

  • Size

    2.3MB

  • MD5

    b2081a672db023216f9688a9996937db

  • SHA1

    c5a9d18874d2ce94cd2f34a616d58540fb60940c

  • SHA256

    4d8d38beaefa856319c7092bd02208659f33329962b90bf6333f6ce35f1ac909

  • SHA512

    f71c6c24a56d0fa275662cb5f11934dff0b6ea4e178a792d7788cb4abf33a8707a71caa870bb3e5da2309d0aa72404f5d3979109e203d0613b5065ebb5b57ac3

  Score

  10^/10

  formbookratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook Payload

    rat

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2