Extracted

• • Target

    Request for Quotation.exe

  • Size

    563KB

  • MD5

    8ea3b6a3901bd2793dfc396eb0b28f9b

  • SHA1

    959ea521fccb5d08b48c3508ee042e1bd426a221

  • SHA256

    902b6928c170fcb6980717091355f7f13d530701b8dac9f24041fbd11a1ddc71

  • SHA512

    9d8464f11be2b658429782044ce7ede5fd50baf396e6d302b52da8a8b70c94c6906edb03f2846291fed61f9a1b3be10bcc7aa57f7bcd2046a9c3874676c609e8

  • SSDEEP

    12288:FG2iNAe5+TDIxx11Nl1ZyM06feySuCB8QEnInyrTsNrr:FG1x8fID/Nl1Zy3Juy8Q6IynsNr

  Score

  10^/10

  formbookgo95ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2