Extracted

• • Target

    нова поръчка pdf.exe

  • Size

    612KB

  • MD5

    a2769ba56f8b84de34deee154f4bfba2

  • SHA1

    01771e5df223fac2315e8ab9ba72234a1a41f0ba

  • SHA256

    9f7da651412232824c868086dd48a7d63af0dbb007cef4db8c24edda9b2fcdbb

  • SHA512

    57ae3e2b4c4b47a6662c6ff8e91d95d0c807cf6a25757c9f6e4cb4f2f377746ac468cdaa1bd298679a6d70bc4dd91ef3f78444f8d7b9cdfcfdf71d3a428f2752

  • SSDEEP

    12288:lCfia8t/w3ENiFovuGAS1WDv8mMrIJTxzDYKTX+grvLU2PI5WytkT7:lYibt/w3ESwXAS1U8brIJdXJugDYMI5C

  Score

  10^/10

  formbookgy15discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2