Extracted

• • Target

    order SEP.exe

  • Size

    394KB

  • MD5

    7e17022d4cb372a3a853feedcd918d90

  • SHA1

    ad69c5d385a4d7156c8ff3eeb2379739c53ded02

  • SHA256

    3a7e2e98243c188fbda3734b22856c30febb41d1f7e0ddbc034906288aa72dae

  • SHA512

    0fa20e95892462768517fbacf5df0b62258d9a8f9f5bab521962571b49a9d50353042e48cbf2bc2ff1af300d62adfbe9cf34d3ea4e92eb0b8d090ccbd7c00692

  Score

  10^/10

  formbookg8upersistenceratrezer0spywarestealersuricatatrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata

  • Formbook Payload

    rat

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Adds policy Run key to start application

    persistence

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2