Extracted

• • Target

    tmp

  • Size

    661KB

  • MD5

    bbd078b0a1887a7ee952c1b8689f3cc8

  • SHA1

    41d194f5ad444d504b0df6753b2ee344477df966

  • SHA256

    2a43da13d635789edfb0cd6928427911e3295c06e921cebdaa3319c7c1f65b77

  • SHA512

    31454bf7baeea799465bf6adad68745d0f637f05acb5143e0a745ca8530acb2a1ffe75d9d0851ab85a447b5d56807e9388ffbda87746f45130eb1b5f90646d2d

  • SSDEEP

    12288:R7m72iNQveOlVp2So0hOmAVVOFArlqm5okVPYVtO4JwKQrPvwDi:g1CeEVpBo0DAVnbPSrZJrDi

  Score

  10^/10

  formbookfgh2ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2