Extracted

• • Target

    H3409D.exe

  • Size

    770KB

  • MD5

    8173c4f1aab9e70409d795b904d1b30b

  • SHA1

    ca3a7fa60e5f910647316450c257a11aab8e7299

  • SHA256

    d69785e0fa78ddb451072e232164234057e49a7671695c33c0db64adba871e44

  • SHA512

    0815ae280189619c39bbffc0b75a93d499363c1389c2e3c98eadce769f47d775e81be2bf3d293b6c4bb9e51a41d1398f2130c93983152adc19e25918835c6cb9

  • SSDEEP

    12288:gKLJyUZiUWf0sSEpcwXybqAsespUI2PRl/NnLLm:fly1UWf0s7qwXwI1pUDZl/NnLL

  Score

  10^/10

  modiloadertrojanformbookh3scpersistenceratspywarestealer

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • Formbook payload

    rat

  • ModiLoader Second Stage

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2