Extracted

• • Target

    96e5517bfccfcb53750d9283cbbfe31f427281b5f6a0e61809a68952920c3d0d

  • Size

    1.5MB

  • MD5

    49fc6a2dbdacfc87cff4054eb2cc1e9f

  • SHA1

    5d83448795fbd6ca2f8db612647b9588632e8ed0

  • SHA256

    96e5517bfccfcb53750d9283cbbfe31f427281b5f6a0e61809a68952920c3d0d

  • SHA512

    cdd17b36c59a2e5ec1c5296c60933044bcaa2edafe13a91bb8675dd986680bb3e0c1fc12800529bbbcd0c3832f9c826d220cd4cfa08290b52a2c616fa7016196

  • SSDEEP

    24576:n8uIjUZpSdmP705YyIV9K298758nckXj2DnnL/h79KIEs0HGuEarisvas/pq/X2I:nrIjULSu05VIrt6758ncij2fJQIX0mH9

  Score

  10^/10

  formbookhwu6discoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2