Extracted

• • Target

    Quotationv.exe

  • Size

    669KB

  • MD5

    52cfc15a97799e70a8b4a39b04bc8e2b

  • SHA1

    2cfa4daab21dd8115167a3ccba0080f5fdad63ff

  • SHA256

    f910b739d3d727fc1f5acde88b0740a575c603dc6c61246156c5debd6bd126bc

  • SHA512

    95b7d0c4942703ebfec9d405bfe08efd1f11c2af3b9f65e05bef5afb3440fabcff5e5733de9bec824331d6b22c26e72419e25ca66a6948c07c0c4d4cc98fcdc3

  • SSDEEP

    12288:lZq251MgHoOqx2sw/6h1/6tj/jrgLLZTh45s+hKeOknD1rfF32grpiAFKWDckjQc:3PjQLlahnrNbQAZgkj5

  Score

  10^/10

  formbookpdupratspywarestealertrojanpersistence

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Adds policy Run key to start application

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2