Extracted

Extracted

• • Target

    3979bd4374308cc1a5a91f04c080b480dc4081dd2612aa2a9d1b504f09b7367c.exe

  • Size

    747KB

  • MD5

    3cd2595e3d20f8200d3ddf84b81932de

  • SHA1

    c05f5a5fd2e0da7be16621a5482541f3d492891c

  • SHA256

    3979bd4374308cc1a5a91f04c080b480dc4081dd2612aa2a9d1b504f09b7367c

  • SHA512

    fbc314a53bb2eeba48c0cf5793cc93b1f9361e62aa38de34c941d57bb677b0868e651ed46b783fef939c4b9659048b4a555c3e647201aae7ce1f9e9bf0731670

  • SSDEEP

    12288:H7nYP1+rSlwFON6zXeEt+f2VtTwfyfyp4P7r9r/+ppppppppppppppppppppppp0:HDYP1+rDOkKderNqS1qU

  Score

  10^/10

  404keyloggerformbookcixdiscoverykeyloggerpersistenceratspywarestealertrojan

  • 404 Keylogger

    Information stealer and keylogger first seen in 2019.

    stealerkeylogger404keylogger

  • 404 Keylogger Main Executable

  • 404Keylogger family

    404keylogger

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2