Extracted

• • Target

    view.exe

  • Size

    1.2MB

  • MD5

    13c50d12714b8d5177d53e6f0980346d

  • SHA1

    c3efaf564476634a8baca98028ffa9d1918a0a4c

  • SHA256

    ca6bf064da10636ada68b69d36ee69de1c794e71928adeeb3781bef7ce6d4c71

  • SHA512

    f411aba44e6d8a91abb204c397203a01d5393056317f57b9b73145b4d71aee535269f4fc47cdf87a6212d2ef193683b84f75f53042327dc1ef4744cd0ddba06d

  • SSDEEP

    24576:qnmp0ual3hWk9mmE23MUxFx6F2u6KBfylcxWNXjnrZBhPHl+tcxWOjqwNSmBO9:fwv1EOBFeea0N/ZB5lM6WO+1mY

  Score

  10^/10

  formbookhx319credential_accessdiscoverypersistenceratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Formbook payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2