Extracted

• • Target

    საბანკო გადარიცხვა pdf.exe

  • Size

    607KB

  • MD5

    f1b6c28862601615ed112a7d9fe4c522

  • SHA1

    f6c57de91d90ab459c003264979f3200796cf1b7

  • SHA256

    f27ca1ef4a89fb6d40bf7af8c8d31b3518883aee77d4fd0ce07279ad4699852b

  • SHA512

    2d4e1c7bcf60d3a085aaa471ac017febd6b0a899faa92b9b18bcb18c136f392809027f58b2c96512b3713da837cf7a4617026aa63e830b7b8e82ac26cbc67fec

  • SSDEEP

    12288:T4+13cDx3lNnuTjMmHZ9cMy7RY+9cJkf4OJFBsPaRtC:si+LNnAry7RY9Y4O7SD

  Score

  10^/10

  formbookgy15discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2