Extracted

• • Target

    aa2b257e539273585dbd122622d25c51

  • Size

    843KB

  • MD5

    aa2b257e539273585dbd122622d25c51

  • SHA1

    0b3ca104f6ae953559a969b1e30219712531b2e8

  • SHA256

    18e1c0b385dea6c1a52db85580f25fc0a2833084fd04e2a33288e739f08e3986

  • SHA512

    0f31142734fd91c28692939651a21aee4e60ee1adecc06804fabccddd77d133f3d8941b5dc03fa9c45a8935e79124a4ba08a01cfe03b9376481ecdb5eb08b6a1

  • SSDEEP

    24576:mK+Qb0wFVMNj5N/7BZ01bMy1QVPEfaDYO6E:bPYwFSh3TBZYbH1Qmfal6

  Score

  10^/10

  formbookvd9nratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2