Extracted

• • Target

    Payment Comfirmation.exe

  • Size

    772KB

  • MD5

    86c532b1132630146227a27f3179d897

  • SHA1

    8bd4224bf2079d60e6fef9e40ab7bc1ea391315a

  • SHA256

    6be92b0d491f6d5d7f65e01a3336aac1155f091ad6def08b541e07b68eda3bb4

  • SHA512

    4272bb687f400e0adcf8a5c2b48d7d4a5d4a46e5cde9b2f5d4cba50030842bb8ff0b14658308fd059730a2e4c8acdffabc5da510b9679c530ab944e50ef7896a

  • SSDEEP

    12288:Dvdi9wecl9iWse2abS7m3hoV1QicvYxJqd4trX0ir31DPyKI:DI9weFW+abrh2UAP7RXRrlDPyKI

  Score

  10^/10

  formbooka03ddiscoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2