Extracted

• • Target

    PO130323 - MARINOVA-GROUP.doc

  • Size

    1.0MB

  • MD5

    ce57d6e1defb119a0c2033c7863acf10

  • SHA1

    c9a8520e120f45a3ddc5a3db2303a36743ff64a6

  • SHA256

    af0f1613c4265a5adfb2a5b06a8abc91163daa51e28bd3657d2804c918371ab5

  • SHA512

    df75dee511035782e22da1b9030070ab41e540728d639f675e67ffc9742426c29e1ca98f99ab1bb9fa94790c422f0c12969aba396fcc03285612b92237b98bf2

  • SSDEEP

    24576:spjAOcC8OTgWT2NC9WbOiMRDxzYNqSPjZt8fKa+dIJ:i

  Score

  10^/10

  formbooknes8ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2