Extracted

• • Target

    ff07908a590dec7673c510ec4d0043d8825a54039e35b7c28c299f95c55336c3.xlsx

  • Size

    1.8MB

  • MD5

    d3f593571da9b55237a49f9c23a12d9a

  • SHA1

    b3c9a6ca51802326e7de5a6854199fc369bc3b08

  • SHA256

    ff07908a590dec7673c510ec4d0043d8825a54039e35b7c28c299f95c55336c3

  • SHA512

    114950c12cc9fd0aa50544caed8fa0f710cc596c67ec90d3b5d2e1a72c18b5706b25ef3030949805be0e90bab31d6010fe6b0d1ab090e0651b0254482e113df8

  • SSDEEP

    49152:OwVliPFnflCwADoUpbmepmSTKrks1l4FWQCMsx7/:Ow4dflKxpaepmS2rksiWQJsx7/

  Score

  10^/10

  formbookhwu6discoveryratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2