Extracted

• • Target

    a3b2ca126add4732d765ef196f58454bf5bc686027617150d55e1f06cec32f1c

  • Size

    980KB

  • MD5

    49df2d63fd7afa631222eee0457d989f

  • SHA1

    40afb69785c995457d36019c130def02c999c32b

  • SHA256

    a3b2ca126add4732d765ef196f58454bf5bc686027617150d55e1f06cec32f1c

  • SHA512

    1d65b70cbf7b053c80c73061ccfb8aaf62223ea6c24fce6542660e1acbd97ddb8cd06d540f2bdf7e2611775287a84251ca7e8c26e0b326ec55107297ed0fe08e

  • SSDEEP

    24576:C1fg46FJHBOzT8XaRMBpeW+l0ohooeqS:CMXIMBZw0G

  Score

  10^/10

  formbookd2g7discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2