Extracted

• • Target

    Akbank Hesap Özetiniz.exe

  • Size

    404KB

  • MD5

    5fe77c6027fa23fedabc857258e74dda

  • SHA1

    539ac0da68c1a997d1bac48086758c167fe740a1

  • SHA256

    a3a232eeba1fafa7da4d19cfa4a0dc02b593009499d17a1bac279a8d93c0663d

  • SHA512

    d3b27c18bfc957e72d314394aff6559483957ea4203629298ce24d8c3e68d680b3d0676428e5bb47e37e12b67aab1a8023854acdf19870b086e5472cf2b28673

  • SSDEEP

    12288:ztLWRJQobrqSnXhR/8HwIH4rmxOt93OXQ1swIoQ:z56JJ3nXhR/8QIYSxOtFcQBIoQ

  Score

  10^/10

  formbookguloaderfg83downloaderratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Formbook payload

    rat

  • Checks QEMU agent file

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2