Extracted

• • Target

    a75dd743_by_Libranalysis

  • Size

    256KB

  • MD5

    a75dd7431fff6664e2a12263881315ef

  • SHA1

    b28f29e87fe4b79bc87fe860d21a16780d31069c

  • SHA256

    6120294360629da33cd6f897de16401325be12ae2cd9dcc03857de7e0b4f94e4

  • SHA512

    dcef03d5e4678aa23d98284cc4c93d535885d6c6b3d2454f12803042393323275db7b32c0d7a553853fffba899d63a5d58fb92e75116d317533879fc28ebcc83

  Score

  10^/10

  formbookratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook Payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2