Extracted

• • Target

    602QN20427-1.exe

  • Size

    719KB

  • MD5

    6991d190933968b416189fe78bbb2d8b

  • SHA1

    046a63283cf4eb75656bb4f4c99413fbd0f86e3b

  • SHA256

    8b9641ea4b07a7e2e48a7be9f45a20b7c0663838d5430c90b452729843f4ea21

  • SHA512

    d8e98ba1818f7ba3f32ae516cb4e059c8a8264333499c11595ade883aed89cf1ea449d38646fa1061ffc76e2b990e11e747215b8a5aad2d9060f4c38cb6ee509

  • SSDEEP

    12288:9uzZBEP85trggY+9nmp35FVk9V7Sm3Ucu3eL8Xt1O6ctdWv0bO0lGbw:Q9BEP8wgYOcw313UcuuIXtNc+v0b7oE

  Score

  10^/10

  formbookce18ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2