Extracted

• • Target

    RFQ # PC25-1301.xlsx

  • Size

    1.8MB

  • MD5

    0792874afc518221f07574f95f43f5ef

  • SHA1

    a4d7f0552e1fff852db8b27e1409bdbf4bc46244

  • SHA256

    161e3b6200af955772e00be88646b3c6332faca2e9867eedd9c41cc5a1b62876

  • SHA512

    67896688ea410a2af33d3936dbf913e6b1941f826dc40cbe1bf29f96a0b8dc4b1595f7d1e74738de2bc891006f3327616a7f607d0adc077d62ac4a380f3e1d5b

  • SSDEEP

    49152:kTiDS2iZYJTg+uFfcdD+3GkdQFzhccnYmmAQd2:kmugO+6fV3GkdQdnhR

  Score

  10^/10

  formbookhwu6discoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2