Extracted

• • Target

    RFQOCEAN5645457788.scr.exe

  • Size

    698KB

  • MD5

    37deb8c1285c7787fe88a51b5064a435

  • SHA1

    e1b6a0133717759f4eff3072b3930996004df498

  • SHA256

    c8500adf5318aa42e5cfe9d6efe18d328538a6d8b36765d68820d2b99c3c9626

  • SHA512

    178bad353bf4b837a743f972bde48a357a48c0d747a5ea23294030811eef60f5fac02a3f0cfe7c50e27a2d0eaeb9f3144ecd8aeb6c3684cae8acbf5782c7521e

  • SSDEEP

    12288:aGZKzvFdBKYvI8TNmO6y4l22pStzZrwV7FD+j6o7jTFUNPkR:EdO6NN74lj8zRwV7AXnFUNK

  Score

  10^/10

  formbookm49zdiscoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2