Overview

overview

10

Static

static

LANXESS In...ed.exe

windows7-x64

10

LANXESS In...ed.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LANXESS India Private Limited.exe

  • Size

    690KB

  • Sample

    221126-x132lsha26

  • MD5

    bd7ba561c421fc284aa6c30aa840b863

  • SHA1

    01cc6b9876ebee8607b2d230f3d76cdea9bed9d6

  • SHA256

    26c7d3b6ad20ae3c7f44462c4e01d4756ea6ef1d0ad665b806ab3f7ab6b60dba

  • SHA512

    0d1eb1d730b95f69d9c26ed2b31b857c12b6bf76c7047661ed63acd28c4e4208507c1cb2ac73ccce29b3f4b16cd7c5920dd1b8400dade452fcc35d121984640a

  • SSDEEP

    12288:UTcSXWlqraY+2pCSgjxKnkJqy6jSC2mZJbxpDF:9zAnnpCSKKnQqEC2

Score
10/10
formbooka24eratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a24e

Decoy

flormarine.co.uk

theglazingsquad.uk

konarkpharma.com

maxpropertyfinanceuk.co.uk

jackson-ifc.com

yvonneazevedoimoveis.net

baystella.com

arexbaba.online

trihgd.xyz

filth520571.com

cikpkg.cfd

jakesupport.com

8863365.com

duniaslot777.online

lop3a.com

berkut-clan.ru

lernnavigator.com

elenaisaprincess.co.uk

daimadaquan.xyz

mychirocart.net

Targets

    • Target

      LANXESS India Private Limited.exe

    • Size

      690KB

    • MD5

      bd7ba561c421fc284aa6c30aa840b863

    • SHA1

      01cc6b9876ebee8607b2d230f3d76cdea9bed9d6

    • SHA256

      26c7d3b6ad20ae3c7f44462c4e01d4756ea6ef1d0ad665b806ab3f7ab6b60dba

    • SHA512

      0d1eb1d730b95f69d9c26ed2b31b857c12b6bf76c7047661ed63acd28c4e4208507c1cb2ac73ccce29b3f4b16cd7c5920dd1b8400dade452fcc35d121984640a

    • SSDEEP

      12288:UTcSXWlqraY+2pCSgjxKnkJqy6jSC2mZJbxpDF:9zAnnpCSKKnQqEC2

    Score
    10/10
    formbooka24eratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks