Extracted

• • Target

    tmp4xdhc0k.bin

  • Size

    612KB

  • MD5

    97ab2171b12f2e2b41f65c02f23da953

  • SHA1

    5f8c09681c05ef89b17737eebe9452e522848428

  • SHA256

    a25247a44c6daf029eae02060c11c9a946d0648f2eedc1a6348822c7c6590af3

  • SHA512

    f2f4816d4d7be2cf90ce6310ca1fc4dd02f556d8bad21b9f22e1a8092bea20f9ebd0667dec726cfdb6cb338c61b8a295420f18a07abbbfc10500482b4d6ed2b7

  • SSDEEP

    12288:UjLj//DKqnAoX8EIrdQE0b/QFoOKIrpYZIrDb0kt7OSbSU/:UPb/5n78rWzQSyCSrDb0kt7Hbf/

  Score

  10^/10

  formbookm82ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2