Extracted

• • Target

    attached PO.exe

  • Size

    687KB

  • MD5

    58c75c0c7af1046ac9db4f446765f213

  • SHA1

    6409a5dcd59c36fde2cddec428f22286bd4dc3b0

  • SHA256

    b0f1c4f3d4d3dda1a8c8ee81ecbde9a91fa3923058c13ac69dc572193252e0a2

  • SHA512

    e557ae7f1e5d5fb8d5a1cda4b15de2873d1a49d99b41d2a9f5a2da1ab7511dcc6b512180e3dd1cebf42d042efd953edf32960e3ee29aa1957e227da8694a670d

  • SSDEEP

    12288:AlLyWa+k0NoZzDHVZpPpEmRYlNqWQd62TMd5LfyuvGYec:Ok0WZfXkm8LQUbBN

  Score

  10^/10

  formbookg10kdiscoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2