Extracted

• • Target

    2.doc

  • Size

    202KB

  • MD5

    96699d7c92183547a08b317df6f39695

  • SHA1

    bdb797743b66daaa681041ef258ea964b834442a

  • SHA256

    2bea70091eb6858272f4fb047c47b8accb79886682cc744f2455561923a72ca6

  • SHA512

    27884bb6b04eabaf9faaff4fc5876f464ab3f75ba8a009453ddcfaffd041a663324188b63f57a970740f4bfd5975cefd2563bbcbdfe2be2db8919ca044124388

  • SSDEEP

    6144:QuZpe2ClhlgNs8joPzbqKTcWkepI77WqCh:Qf

  Score

  10^/10

  formbookbtrddiscoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2