Extracted

• • Target

    USD92.15.exe

  • Size

    997KB

  • MD5

    7b711b729b01c38bbbed5ee08ef88347

  • SHA1

    45c70d807a9b741aec980b559ebec0c79a4cd1a0

  • SHA256

    6bf5a3809ca423061cb16a815ca5e5f3ba86d6c7fbf5233fd68b589012eae0ab

  • SHA512

    b94950da81e664bb2248411c39adb748f2042cad9e03ed4c212913e1b6e861d99e174b39e90084eaeeeaae6e067af7fd164ecf20d2f115a0ae77ffa9156f4581

  • SSDEEP

    12288:vJ6ShV7uikFgEeYeFav5bq5/wA9IVBrFPVgIBzcJtNv2j:h9hlubgSeFOb6/6frFPVXBzcRI

  Score

  10^/10

  formbookejgpratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2