Extracted

• • Target

    tmp

  • Size

    274KB

  • MD5

    3745a1fe4166a96e06729c67fd1469c7

  • SHA1

    0bef21b140c023b1158ba5d90f74fb761f1c573b

  • SHA256

    e4a8d78909b8d84fcb3d01b91ddeab26615148da704621a3635ac869c9d5dcaf

  • SHA512

    0f8800a60cc66a64b9c14421c60b96c416e73612542f64b1a96758514b6f45552c68ae5a4f64ea7eee37298bf9cc3cf1da1ec0dbcc332ff4942b137f416654cc

  • SSDEEP

    6144:PweEU2uCgUVrQSDux93/mMvthm7pp7jsSLWVaKsTdDfYJfTd:z2uCg69Dux9Pmehm7pp/sSaVMZYJfTd

  Score

  10^/10

  formbookaxe3ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2