Extracted

• • Target

    d791946e423b64c9ec976a5b9491b6ee9294e8dda0e5707ffbb4c96448b908e1_JC.exe

  • Size

    551KB

  • MD5

    12b652ec70aefcda478ba3db7dade2ac

  • SHA1

    bb76a7b8eca4575a6a5400c03a46abc3d6b3be2e

  • SHA256

    d791946e423b64c9ec976a5b9491b6ee9294e8dda0e5707ffbb4c96448b908e1

  • SHA512

    b3cd9fa953379825ec608c3c4e61659460f277c69f9d900935c62be60306822b00005a47c2037b818751f737edba259a359f27c0c0fb1a4490691547d7516adc

  • SSDEEP

    12288:9g725DuLH+qhoWaJByQZtPiY4RkONr/4GR66G0YvQFE5La:JQz+qh5QXaXR3/4GR66cvuE5+

  Score

  10^/10

  formbookg11yratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2