Extracted

• • Target

    706b8957fa0e937d89e442c4f15362a507cf950617dd5ddb16f16ef1dfc1c00e.exe

  • Size

    603KB

  • MD5

    0382b1bfaa12b7b20db5960008156baa

  • SHA1

    9b6111c0d6809c46aa359d53c002abd62a487253

  • SHA256

    706b8957fa0e937d89e442c4f15362a507cf950617dd5ddb16f16ef1dfc1c00e

  • SHA512

    9a2f159c89009be9158ca1414fc9fa78a4acd4f377bbbb4a4db235a64f0eb88cbe15885d025d746e5bb33f1d2b0f7b33c15db9ea2662a28b5c35d7702ac2b8f9

  • SSDEEP

    12288:eqrgdVgbGVI0kYltrI1k2MpddulWbnm1rArSnzOXEl1hRs/vw0:yKil6/szuccArYwU1zuvw0

  Score

  10^/10

  formbookae30discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2