Extracted

• • Target

    tmp

  • Size

    661KB

  • MD5

    c183facf14c26cf94a124c3a35c9fae9

  • SHA1

    af633b1cd07781bf5a8b4ddfe5c7a649c4fd5910

  • SHA256

    68ba26474bb29bdbc42cfddd75f212eec1ffa22d5c1affc893addce5330f4e11

  • SHA512

    e14828a0cdff8a962d893f23d965ca250190ef5bbd80ae54bea270be6596467f840958a1156d923d02bbd4183461c1dbff50c1d1767cf0288a5cadba630bf076

  • SSDEEP

    12288:VrmZ2iNIA3+CldXyLKF1kCxmCJuzOkC5IM3xDWoIo0sT5uFdLOB:q1wVKjJlJadC5IyCmDP

  Score

  10^/10

  formbookm42iratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2