Extracted

• • Target

    ახალი შესყიდვის ორდერი pdf.exe

  • Size

    2.0MB

  • MD5

    e5a337b7c7fc380562683f2f7f72e0f2

  • SHA1

    49e8d006f134165696f4bd5fdcb1e64aa51f0f47

  • SHA256

    32c368fd65657924f718e0d68afe18f36fa1df2b3203bc71a6cd00073ecddc94

  • SHA512

    a6b3866ac3be8c304804916ff4dac0acc8e1d6b0a09762e1e4c85999b46f07dbe8d25ca894c9b34ea30067163fea6c76a165d479facedc1dffb5b1acb842beae

  • SSDEEP

    49152:2fDe+fmH7RRZ1UW84VCyH+4FAGqnx+lg3jszc8u1xESCgIAPpUm:2fDQQs0YbM

  Score

  10^/10

  formbookgy15credential_accessdiscoveryexecutionpersistenceratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Formbook payload

    rat

  • Adds policy Run key to start application

    persistence

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2