Extracted

• • Target

    Inv_7623980.exe

  • Size

    715KB

  • MD5

    227d565668ead14885a943f83fc3383e

  • SHA1

    88f2b466e2dd969d7b012cd53d4fba511159ccef

  • SHA256

    e28bce0b6ccf49e32050baa8539c9b91cbbbd9dbd8382be57f6e8c44bab74956

  • SHA512

    c5771abdacca1f2c77638f990d29c13e667afc1acb1f5aa59de2c6f09774e1300c222185feffbf4bf440e5610fe60022389f2d9380725db7e78acd2e57df07cb

  • SSDEEP

    12288:yF6syO+aQwRj/4pC8ogspJ+2uRmlAcaaQaM6pajDVkEgc2OX7T:fD3pC8fs/duRVsBpFEgc2M

  Score

  10^/10

  formbookm82ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2