Extracted

Extracted

• • Target

    53f32eb1e2023b9346427d2111b0e4ac33ff4592384a1f0dae3dd5fc90dc4b2c.xls

  • Size

    1.0MB

  • MD5

    625c489b71a4a7b7dc61dc3121368f02

  • SHA1

    a36ef17d7c854bd238b6113148b8ec11f54286d7

  • SHA256

    53f32eb1e2023b9346427d2111b0e4ac33ff4592384a1f0dae3dd5fc90dc4b2c

  • SHA512

    93a0dd13791b1ab3db705c6f74ea820c120a95ae041a6186474c16b19fe1c6d44d0b9ef7a816a47f71c82847b5f7941af88eb1b964dba513fc89c9eb800e2240

  • SSDEEP

    24576:lLKiSSMMednE8akAmmjmRakAmmjmw+MXUlHeA2222222222222222222222K2D0z:lLK2Mnaaoeaaoz+MX7TZVAw

  Score

  10^/10

  formbookpurecrypterar73downloaderloaderratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2