Extracted

• • Target

    46bcde824114484f405e35827ddd2a1520ba1349644cd0bd7d9bead3f3d83730

  • Size

    1.5MB

  • MD5

    e15cba1287fd9a0d755685df0c8d24e2

  • SHA1

    39be11722c3417a9e330dd265cae7d30c2b23c32

  • SHA256

    46bcde824114484f405e35827ddd2a1520ba1349644cd0bd7d9bead3f3d83730

  • SHA512

    e96d726f92d5de720cad1bae386999cabc588c72968cf824428ef853660fa839a6fdb1ff79ed78ae21a5a395f41556ce045a99c282508e30ab2517ee2770906e

  • SSDEEP

    49152:iwoULlGhp8mRgfzBMzlkc3PakctEXuS0EOrrb:JoULlGv+7Gp3BceXlL+f

  Score

  10^/10

  formbookhwu6discoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2