Extracted

• • Target

    32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9.exe

  • Size

    1.6MB

  • MD5

    64696d5e44479a7d22f5d5177d26d71a

  • SHA1

    3a892d28eda05fac4ae708e1413510c6425d1eba

  • SHA256

    32a211990a974cc2acdd1b3814a2f0ace854025a41f56c6fae00c75d334fbec9

  • SHA512

    55fdfd209c7028a942f73fc4d5df587d69c124752274b7e9ac6452b1d28e31c040401d43e19bddf5f2b608897a33f8744c42875551e469aa6382a94644b7c970

  • SSDEEP

    49152:qAodtaG9kS2U84B+FLan9k5TRM9zleVjrJV:e/B1s

  Score

  10^/10

  formbookmd02discoverypersistenceratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Adds policy Run key to start application

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2