Extracted

• • Target

    Extrato_Global_68304302_2024-08-06.bat.exe

  • Size

    868KB

  • MD5

    9109a335c757cf11812dafe216bc5b62

  • SHA1

    4ac3cd51156fd397efd299915d9b407075c0df33

  • SHA256

    cc7cc38e5d7bc6d4f12623ff831c3611d73d905d78b62a173907b947d53242c1

  • SHA512

    fb15e69479c4bc1c1f23d1d4c551432d613e4299f10297b5f767e4255281a32f747f5b6466f3dc924fde514d4389d765fbc1b0a46d7a6c72ef4f540ca214128c

  • SSDEEP

    24576:n1c1teTi0mkaLVaEmtmn658CQZGQxosHt:GrCEHmtmn65wnoAt

  Score

  10^/10

  formbooksy52discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2