Extracted

• • Target

    Quotation RF181-2022.exe

  • Size

    753KB

  • MD5

    26d76b2a70a33f7d5a80e7508c281dcb

  • SHA1

    0de31ba488c53a8220590f2cfc94fde22b10e96b

  • SHA256

    3bdedad14e8d65032fccc3e16af3107b17fa664afb2f4c0cf081a8cdfb196f05

  • SHA512

    be7a9aa6b431ce601a4969252d67843a1d30b2151be83d7bd6c1bd9406d7955756d1577acfb86eb5343e9d94d1d25ab9d421f3f0d7a3ecaa7cb99239c765df44

  • SSDEEP

    12288:0JKsuO5p809sj0xMY6IIy4PryaZSQ8ORO1oTznmbhMWg3g43XR8:0JK+p8xjRfsuNwUEiTznmbng3R3XR8

  Score

  10^/10

  formbookoi05ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2