Extracted

• • Target

    RE CNHTC--PO confirmation7876765655545654.exe

  • Size

    1.1MB

  • MD5

    3fe6259ed37afe425f5062f917897fe8

  • SHA1

    1ee3b44562f12d7236ad8b635f282532a7586e7d

  • SHA256

    f875be79be10a88a9a5c815b0676cbfc58f48e7524f2e4d383b2d7ef63d2e306

  • SHA512

    ba748a8fd1fc131fdd634d6ef77ee5325e6ad15f719d21e7d3932e96222ec72f269ee516421ee9c240be21b847e5ba94e66111d974d1aefcfd4a038833824807

  • SSDEEP

    24576:OKoG74DjPRhmKOC9Gbnn32Nd/xCjqdOp:O074fPLmuAbnn32Nd/CqdO

  Score

  10^/10

  formbookned5ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2