Extracted

• • Target

    009888389998789290000-pdf.exe

  • Size

    876KB

  • MD5

    c4dc14e8754c36300ae98fa8b4369a40

  • SHA1

    9cd8e279dff02db6ffb9199cf6cb4ff5fc07cc37

  • SHA256

    c303fb93eba5623184f5bfb8fefbea2458e25ead795e6d5c5d5e78e921c6490e

  • SHA512

    ba4280059eb153941d0c06533542a10d25f5c95c45bbebce620f042560df2557e1eae6ea3a405d6663c9552eb8dc49bb1cfccb2659e834a06fac4587373c7382

  Score

  10^/10

  formbookhm2persistenceratspywarestealersuricatatrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata

  • Formbook Payload

    rat

  • Adds policy Run key to start application

    persistence

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2