Extracted

• • Target

    f30ccd8d6bd65a6c172e6233220523d984516e145b06d986bc6c0736e53dfde8.exe

  • Size

    692KB

  • MD5

    b7f43cd267dbbf40d9a372dd7ddd121b

  • SHA1

    95f154753e37e45d1020efdd7b9df84bed2393aa

  • SHA256

    f30ccd8d6bd65a6c172e6233220523d984516e145b06d986bc6c0736e53dfde8

  • SHA512

    37036654e6d8df5afc3646b677544bb89d25f2f81fe76945747265927091219dd12152902675ec2a636cf104c198221177eb32a478a9662193ab1ba26fd95de4

  • SSDEEP

    12288:tQpIR4R52J+XtahfgMf9rG2DTgQz1NjiKLacKj4N9GROF1CICoMDPwlYHPkCKPRv:CpIeePhfU2ow7iwacJP5nCoMxI

  Score

  10^/10

  formbookk49sdiscoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2