Extracted

• • Target

    SecuriteInfo.com.Other.Malware-gen.29890.16438.xlsx

  • Size

    288KB

  • MD5

    8b330fca4e3f56131727b3fc246ea937

  • SHA1

    ee2f2a899e8f2ee68a1b1bbcf3d54625682944f0

  • SHA256

    489e6a77763d56312fa2f10bf16dda809618217106b58709e29ccd8fed01a9a6

  • SHA512

    c489c96918d453e1527df509d9dce4a853e00764957777f5b38d226fd7dc978ec0ca410f9a76b80d8966a92ae6611ceaee5aa0673fea39713bf27bef68b7387c

  • SSDEEP

    6144:P/uZ+RwPONXoRjDhIcp0fDlavx+W26nAKGy0PQmU1Nd00lzL3:PFQmUdFB

  Score

  10^/10

  formbookus90ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2