Extracted

• • Target

    PURCHASE O 001.doc

  • Size

    68KB

  • MD5

    c860429617ec6fca50b2484426373265

  • SHA1

    2802b095e507b381539d9ea329d495b1f3b3bbfc

  • SHA256

    97012a8526b2c3c230145c295857f63ff2924bb4b2e3f39aea8de7e5e6a3e0dc

  • SHA512

    64db8b5ad6fb7f96120b95fb1587bd347550301edeb18f8c4ae247b2e3f066f97c426cd0d5db80d39dc2436cadc325b64f1d0ee456867390d904b55e66a6782b

  • SSDEEP

    768:OwAbZSibMX9gRWjxVWJnYeQ1sDmGw/lkuCnzyr:OwAlRQSnYeQ6nWr

  Score

  10^/10

  formbookoy30ratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2