Extracted

• • Target

    cf7cce1b83e67375808a6c3732f6894e263b12dcd6954c4b67f1af5508d05986.exe

  • Size

    625KB

  • MD5

    2fda299e8931d6deef77866652c05fba

  • SHA1

    8c57ba390f5fbc5cf9df1376f7b48724860edce4

  • SHA256

    cf7cce1b83e67375808a6c3732f6894e263b12dcd6954c4b67f1af5508d05986

  • SHA512

    06f60771a781c26366f11c9e4641813b23b75f48720fe091e38481116f971667cb53194c0819ed1c50a45e17d8276ea7a83fb2ae7562e84f8d30307850d1510f

  • SSDEEP

    12288:SqPZbEeX/gbxGZCIx6PSPlvmjG4utS4QAGDqPtzK1+Rot5cdd8d+WW83/cg:SqPh//gbdPPkOjG4uUND0RK1+XPH8E

  Score

  10^/10

  formbookcd36discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2