Extracted

• • Target

    60bc892c0d2392091394c2ba22701447e399860c4b8d9a0dee014db3da78b1a6.exe

  • Size

    656KB

  • MD5

    dae6a17dd50c76b58fb2c7d980e801d9

  • SHA1

    8b1fce08ff057639bd4eb7ebd6231417569b6494

  • SHA256

    60bc892c0d2392091394c2ba22701447e399860c4b8d9a0dee014db3da78b1a6

  • SHA512

    9453a2389c54b524adfeee11bf90284168b2fff30c7c962fe48cdc3e7e1c893dfc45a64107067900440834be95f0cf02e83c7c7a8c2e673a2d73ef311f6bda04

  • SSDEEP

    12288:2M23a/zmcDXmxqPbKwII+foXlIHdHfQJkE1ij7qObjjTCYT59Whpehsh9kR:2V3aakXenBmSokE1ivcGshhg

  Score

  10^/10

  formbookmd02discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2