Extracted

• • Target

    43b26b0cc53ea7df2488d70e652d77fbeac5a3e2d9fb3705bcaf6e3f9152b0b9.exe

  • Size

    811KB

  • MD5

    ba9aadaadc270f2311dc84a4c33c3a8e

  • SHA1

    ea2bc535baa5f3d9efae8df9a1928f557c72b863

  • SHA256

    43b26b0cc53ea7df2488d70e652d77fbeac5a3e2d9fb3705bcaf6e3f9152b0b9

  • SHA512

    33ec365aa550cd7c7d99055c5d7f434f2e65541ccdde1a4665f74e64050f42cb9fbb3f64ec09793805e0e1792e1dcd9288eb7580fa5fe8a4f21b874c0ed0d6f4

  • SSDEEP

    12288:GkTDYsZ1DX/VDJtV7NuswRlClEl7xoDMvu/R9OPgpB0IOJc0:GyDYkMnoSLIMG/CPgT0Bc0

  Score

  10^/10

  formbookd0a7persistenceratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2