Extracted

• • Target

    8fff9a173774de4ef78139d49e3f62b83fdf1b2a542c257567e76c7b82ef5e5f.exe

  • Size

    597KB

  • MD5

    1b27358f5ad8d9e7f8f24dae59c0e047

  • SHA1

    b99426345cc005fcf5caa333ccae68ce8345c9df

  • SHA256

    8fff9a173774de4ef78139d49e3f62b83fdf1b2a542c257567e76c7b82ef5e5f

  • SHA512

    64ee6efc50b00e92c11cfc32afcf05ae80560190c588202d3724b2511b5e27bd7115e3b2ca20b41414746144ee4ed2d1e1b819beb1a9ceebee0fedc2a6d704b3

  • SSDEEP

    12288:xijHAqAJFfG3AP4mbYl4uahxX5Euk5vQnO67B1EU:xoAZ+IbY+/hxXOuS8OWB1J

  Score

  10^/10

  formbookbs03discoveryexecutionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • Formbook payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2