Extracted

• • Target

    b44ee52856f84ec787ba1c374c756932c713d3a93b8a610b0c4e362b008bb5eb

  • Size

    994KB

  • MD5

    ad50c081824b04713a98c32b22e487f8

  • SHA1

    757ca6a028d1e38efbedf24a8f957043ae22e694

  • SHA256

    b44ee52856f84ec787ba1c374c756932c713d3a93b8a610b0c4e362b008bb5eb

  • SHA512

    14af69699b174feea717cf92ecf97070878969596ed10f56dd871b57a52d09fcfb154a753e0a160dbdc813e96adea63c7139744751d5a645d5c1ed530abe96e0

  • SSDEEP

    12288:87mFpBYj6jRPLjRPqjBjjyjBjBjBjBjLjkeJ28I4Php94J8JVIQkxHiZ3jJDOK8H:GyBJVIQeIIpgOG75

  Score

  10^/10

  formbookdei5ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2