Extracted

• • Target

    Inv_7623980.exe

  • Size

    708KB

  • MD5

    9c884d10a2d407f683138f6832cb1b37

  • SHA1

    5e7b0ed225140b6e4f37b1192a3c1be4f97db673

  • SHA256

    7d32b52e3465e4c07cc727fa95fd264c07091fc0adf65ea0ed01ec0245836bf5

  • SHA512

    f96698bea261f434c8d1d8d100b16b43b017ef7a4d4206dae257f8c47b2304c8c7ddb1e56ca5fabec78556908a92dcddc11cb8ff7641e123a1849c297d6ea6b0

  • SSDEEP

    12288:Of4C6YN1PAGgNi6NniztzK9qHfXwz0J0tlZOEljncKEEQlVDUu:THiiirfXwz0uc8jnc6Q

  Score

  10^/10

  formbookm82ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2