Extracted

• • Target

    MalwareBazaar.5

  • Size

    653KB

  • MD5

    f205c1fbf5d8a384899c2d4c25866f70

  • SHA1

    51fd6812d379d3f16ea7c331b64e3df03bb16558

  • SHA256

    5a4a51d74e1843630ec0749d480f0057efd6d0b3e867253d1e871f6394171dc7

  • SHA512

    40806add39344f56a55f32707a7a5402f9aa96d4a6512ee5daaa93c8bd3e2336ef81999183deaf61cea446ff68ee1dd96e73bbb72ee3e480d16ac2544b18c773

  • SSDEEP

    12288:BWxa/zmcDXmoamqD+iejZKSK9q0ypKXt7jblMHrtxxGXFKgs8ZkR:BWxaakvamqKioJKuSljZMLHM1KV8E

  Score

  10^/10

  formbookps15discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2