Extracted

• • Target

    Scan 2020227 pdf.exe

  • Size

    694KB

  • MD5

    a68a0b2d4331d61bb64172c9e9786937

  • SHA1

    a004b631c2f2aa425e3e6d9e262fb3815aef293b

  • SHA256

    461b27147a73d91bf21f4b821d7ae63b35a4efc32a87c14e718caa0644bb1dff

  • SHA512

    ad688d2d08e9ca1fab35a90d2fb049c2cddd680d10fef27dbc0da150de69bf3e068aaa9f7d4da4b7efd87623113b4cd3cdbeedd7f3a6ea1b81a82190f6b2da33

  • SSDEEP

    12288:fRmJ34UqACPQoKwICzPhVifZWFuGZkTP2bjmgqLMDburpEau8n:f0B4U+Qo5Ph4ZWkQ5egqLC4Wf2

  Score

  10^/10

  formbookcxsdiscoveryratspywarestealertrojanpersistence

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2