Extracted

• • Target

    a106bd015a486b2e0c147b968a3c1616d229290ae520c8b4aeb83b64e6d0a710.xlsx

  • Size

    1.8MB

  • MD5

    0bb753c9d76544c518ebb5d209108266

  • SHA1

    1a7e7c5044c842e03687f576005bd43d48862ebb

  • SHA256

    a106bd015a486b2e0c147b968a3c1616d229290ae520c8b4aeb83b64e6d0a710

  • SHA512

    21f7ac9b14f16fd758df420c25b952cd1b699c250904781c43ce7080801fefb4dd814c3ee7a30b4a7981deebdcb4fcbc72247fd2c6982be051635bee8565eba7

  • SSDEEP

    49152:kTiDS2iZYJTg+uFfcdD+3GkdQFzhccnYmmAQdC:kmugO+6fV3GkdQdnhD

  Score

  10^/10

  formbookhwu6discoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2