Extracted

• • Target

    LANXESS India Private Limited.exe

  • Size

    690KB

  • MD5

    bd7ba561c421fc284aa6c30aa840b863

  • SHA1

    01cc6b9876ebee8607b2d230f3d76cdea9bed9d6

  • SHA256

    26c7d3b6ad20ae3c7f44462c4e01d4756ea6ef1d0ad665b806ab3f7ab6b60dba

  • SHA512

    0d1eb1d730b95f69d9c26ed2b31b857c12b6bf76c7047661ed63acd28c4e4208507c1cb2ac73ccce29b3f4b16cd7c5920dd1b8400dade452fcc35d121984640a

  • SSDEEP

    12288:UTcSXWlqraY+2pCSgjxKnkJqy6jSC2mZJbxpDF:9zAnnpCSKKnQqEC2

  Score

  10^/10

  formbooka24eratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2