Extracted

• • Target

    f1b9a646f9f8d56b38b2959ad2f7580d_JaffaCakes118

  • Size

    749KB

  • MD5

    f1b9a646f9f8d56b38b2959ad2f7580d

  • SHA1

    93bd698b8622ec10f5774f1aadc9f5a8c0f7aabd

  • SHA256

    ad4bb72b8e2dfc1d1e4423c9a0983aa98dafff2ea460d1fabe666b6daaafb585

  • SHA512

    d1b3992172c1859b40e8967e84e426d7ccb53df851319431ca7dbf80116cef7004ae67b94126ec116d8609ed30d3d21869ba6bd8a7c552fa60efc1d94bf9e34e

  • SSDEEP

    12288:ynTs/XxlcM43vsgxK8zDdV+gXqZoQ6k842:qTs/XxlcM43v5xK8zDdTXM842

  Score

  10^/10

  formbookvd9nratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2