Extracted

• • Target

    Enquiry Letter 2021_39 PDF .exe

  • Size

    706KB

  • MD5

    ebf459ab9f9e3280e01aa2afc78235cb

  • SHA1

    b78ba9874e119e3be2521471f0e9bdc6b22d0452

  • SHA256

    8357119ef28bc4518732db5fea2e1aae12a779c36c3beb0a732a224f460abddb

  • SHA512

    0831473ccb3bf1314199dd1085075967c8867a1261ec7fe03f5c3da58b2a7dd3158b41b1fa5d2496e722bea04fb0230e306baccbc4459523b21698ee0d2a8094

  Score

  10^/10

  formbookk2wpersistenceratspywarestealersuricatatrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata

  • Formbook Payload

    rat

  • Deletes itself

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2