Extracted

• • Target

    e4ec8ac5acae00db2b97ac230b4fca234066f0e58f1c3cf08e8b079ea7701b46

  • Size

    1.2MB

  • MD5

    05222dbbdceb4922e6595572589d1d97

  • SHA1

    db8ddf9a30d3487fe17b7cb416fdd6ca9db6e606

  • SHA256

    e4ec8ac5acae00db2b97ac230b4fca234066f0e58f1c3cf08e8b079ea7701b46

  • SHA512

    3104c1e92aefd4ea0ee7f7426e268b4a52f221ad0587507c47ec653a5038801c162796480f098175bcc81a2a7a12a26ff1914aa64e1f76342495748021b13008

  • SSDEEP

    24576:j5Wt2EYaA1SI4ps+o4+G4KwZK5j8zqjD0JZ4EJ9Wv8iSYvsIDAWzADu:9tExA1SFt3pj8zqf0J2EfWv5SUZAq

  Score

  10^/10

  formbookmtpidiscoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2