Extracted

• • Target

    DHL-081023.exe

  • Size

    1005KB

  • MD5

    e9577305797da56c4538f35d2da1e6ef

  • SHA1

    4b19ed069368fa3b9433c9c8d8b4a050dfae77bc

  • SHA256

    6c8bb939433b05a8b56b08ef68f8c5b5f396bc2b5454ec09d4ee1654951ff463

  • SHA512

    28427e4d980c8aceb27fe0fd31275bf7fbf6fdac1b9730c80ff9e3917c6b064b0a605f83c0df3fd7cc0642305797e159711ffe5f94f6aaa3d42d3cc8373077f5

  • SSDEEP

    24576:NTbBv5rUanWnNr75xArQDF8XhV+dFGa6mPcyGJzQfs8FiNGVDoB:HBjWnd7HbghVRoGBQfookB

  Score

  10^/10

  formbookhesfratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2