Extracted

• • Target

    Aquatherm Rechnungen 384890 _Xlxs.exe

  • Size

    606KB

  • MD5

    82015111b3cffed68fee74b525f3265b

  • SHA1

    e43ae387a8bd5ce994a0529b0e1f0bc6c4ae8af3

  • SHA256

    49f8b73df45213da0f86e871fbd8d231cdfcc30e7ef8041d38ef062884e47b2e

  • SHA512

    54d227662a69606f19f23ddea553445f0f0e197928a12f31cbc24864233a63f4ddcab15293567ca051933b3e05180437077ab4b0c3e4895f2b8c39e702db3372

  Score

  10^/10

  formbookk2wpersistenceratspywarestealersuricatatrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata

  • Formbook Payload

    rat

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2