Extracted

• • Target

    003e445ec7e3a973ac6b61b8375e4db13e9ac69a2fb48f3c647571c473eb22c2.exe

  • Size

    757KB

  • MD5

    d397a6f50193af8aed6103814f0da716

  • SHA1

    b4e6f18ac33bda5b7fb34018c2201b515b3b6767

  • SHA256

    003e445ec7e3a973ac6b61b8375e4db13e9ac69a2fb48f3c647571c473eb22c2

  • SHA512

    4f544fefad6154ec6b3a2201e3eece47f954fb43d1c0a57c30b30f27bfdf230a5d83c9d8d60b26002f8ced7c990739680e45779b4bd5ebccd250de5454b1e006

  • SSDEEP

    12288:HA9wecl9wdVYU63g6HxeHyxQc2SHgBUdKnriWWG4Kx4aL1cL6hcRNLn:OwexdVY9Q6H8yxQc2MIUExWeWZUczLn

  Score

  10^/10

  formbook3nopdiscoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2