Extracted

• • Target

    1d77e6b59c60817f9c5b17e620db8c30a6fda1c3ae638961f3a907b78d4e9128.exe

  • Size

    716KB

  • MD5

    2d6a88e10dfe5531ed92d544673dbf28

  • SHA1

    ae492a0598cc2f6edaeb6ba2c9fbc0f863a4b295

  • SHA256

    1d77e6b59c60817f9c5b17e620db8c30a6fda1c3ae638961f3a907b78d4e9128

  • SHA512

    973ea348ad79ccb41ab918daa9f4563b6e4f5e1036b8f0c55dcb85cb5a37db28d298455b8c898e361d9fde1b177f709a14f0424b56d921ca257809bc8db66a37

  • SSDEEP

    12288:kU3929BC4rqhpFR/gnsb7GtDUABGSFprkijFML6n3gZ0kzmwt23xNFVH0lDkR:kU89BNuhXJgnsb7GtbFprk8qL63ENmwE

  Score

  10^/10

  formbookps15discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2