Extracted

Extracted

• • Target

    New Order.docx

  • Size

    10KB

  • MD5

    37440402e2f3bed12f391338cbd4fc12

  • SHA1

    f28f9be236b1593f2f7da3ceb4b0478c96c7b0d0

  • SHA256

    b5bcdc51fdaabc11a62e8401493b5fa24b6f4a350d597cc58a04cfc0dedefbfc

  • SHA512

    468e045dcec4558ed25e25f0dae0fb99be55e300994ffc698e2cb6dfc0812c89d3a13a69e0fe0166d4f0a50891bcb1f65526122e8ae52b67056c937e25c7fa5a

  Score

  10^/10

  formbookratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook Payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Abuses OpenXML format to download file from external location

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3