Extracted

• • Target

    .Ord.Payment Release Details #Transaction Notice_Reconfirmation Process MTCR.exe

  • Size

    763KB

  • MD5

    0e378ba18f5e59ffe5a4f36644b865e0

  • SHA1

    4e95df969b896e9479a828bc126ec203a719735a

  • SHA256

    7680bfedac3073b6c2bdc52b80db6191584a5220d262a4fe5d63aeb8b9980efc

  • SHA512

    d5d7d9d5080275a14202caa48ebad8df84b6a426b3f35b2a7bf8da212747dc13c4ce3f694d711ac069c21184783b2b0012d0de932aafff1c76e98411fb356aaf

  • SSDEEP

    12288:IyGRetM/t0Y5DON60kTWtVn0b4JlsRCekgeD5Kr4:6N0EDOcWb0b4SCeZcsr

  Score

  10^/10

  formbookt36tratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2