Extracted

• • Target

    DB_DHL_AWB_001833022AD.exe

  • Size

    756KB

  • MD5

    2d985f3b5851efc28e57c98a70b9de4f

  • SHA1

    2d9b300138b372777cde6cbc41526121dfc2663d

  • SHA256

    0daf37a7f327ddc858e1c6c4a02974012fb9434de66256402c8091561ae16fd4

  • SHA512

    a9f9f73024a19283c368a2cc011d6e1cfdac63bf6786ca1ec9e8d765b67e105767ec62546b9339b58b2494c44e3ad51ee1614fd52073151bde2c638c0d6940ac

  • SSDEEP

    12288:IfCk22F22E22U22FAMTihh6xhZ6OrFIu/ZSwJBmLAMPeDKklYQ+zM4HkOKuTDNLO:Tk22F22E22U22eMUgh8yFI6SuW0v+zMh

  Score

  10^/10

  formbookcs94ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2