Extracted

• • Target

    ordem de compra xxx50922 pdf.exe

  • Size

    690KB

  • MD5

    28993f4b93647dabe6603cbb21a7adb3

  • SHA1

    c2b2a34e7f52d5c173e8982f27783b74347d7e78

  • SHA256

    92901e1afa61d81882eaf7e1bc51fb693adce114a24e769cf234e1ad15109398

  • SHA512

    d8da8a4e5bdafef7f0a15b948bf632d2538bc360120b5d4ed1fa64b581bea8ab66f07bb329947ccec039401f976a229b39245e86860a42794680bfcbce0c65d6

  • SSDEEP

    12288:y06gea2iNP1UF+fSTk+UJtZheVI1m1i65w4BV61RdpNmMEeyxbkN8mZ65+:1Tf1FQUqMhtq75wlpNRBpNcI

  Score

  10^/10

  formbookm0d5ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2