Extracted

• • Target

    PO # 45347212.exe

  • Size

    429KB

  • MD5

    9d83142b0bdb6f149eca4a5724574c0f

  • SHA1

    126271e8e9084d595bdd9ca65a2de20d0568ba7f

  • SHA256

    97349abd1ac7763287f0d08aab708bb4fe8d02989d5454a5f09f68d62b0995e6

  • SHA512

    100ed5689bca3f17fedc3471e9d4802ca3ca7c71a82f46afc46fea8c1818bc6c344f2372ab80b43cc4b23bbbb95cc2ddd5d883eb57ee11f976b15a554e25870f

  • SSDEEP

    12288:XYtsFABgFW4wxoUmzV8O5b3kRc+4OHhInYXm2Pcg:XEBugxoHzVDb3YDMnmcg

  Score

  10^/10

  discoveryevasiontrojanformbookcx0ratspywarestealer

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Formbook payload

    rat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2