Extracted

• • Target

    84fd288b1a34fb0f876bfc4f12f3d089827ebe8caf420b4177e9f15f290b8997.exe

  • Size

    759KB

  • MD5

    73971d9bb5978da625ee8033c26f24dc

  • SHA1

    ca74d84b32614f44ada286894de27ae4dbcbed2f

  • SHA256

    84fd288b1a34fb0f876bfc4f12f3d089827ebe8caf420b4177e9f15f290b8997

  • SHA512

    e5e836ae19e85a8350b443a08f3c0484251907a9db5581601be60c3e6020c86a3352fa0d0f7b895dac08ad917db7401db4e6b2bdc31cdea45ca9b9776db8f2e6

  • SSDEEP

    12288:wCc05cBN2iN/BAzTlce2clOTeA17pbEhDIaj4/sZuMn+AwDLZ014GBK:wCc05cBN1FBAzTlHOTeAChjlZuTA2LZ+

  Score

  10^/10

  formbookna10discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2