Extracted

• • Target

    Mar23.SOA.doc

  • Size

    29KB

  • MD5

    9cf9b2689e9cf1828198509df38ed707

  • SHA1

    cd3687a2aed2c33ac8194d18fdd9ec31f854a59a

  • SHA256

    04a5e2c14d7f9d46c5eac57ea70040bbe1e4215205b6f616b125463c3bb7a466

  • SHA512

    68e66d3dad87d99619e96976eadc61a55c5c0f93cc373a9ef1569d94c0b81b9306dcfbedd025a99bef982c6b9a783f6c43bd687748cfdb5ed64d3168030ba86d

  • SSDEEP

    768:BFx0XaIsnPRIa4fwJMXDICAhPjIJot1LnHWuTES:Bf0Xvx3EMzIh1jIOLbt

  Score

  10^/10

  formbookdr62ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2