MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a569518c639a3016fb301034043c0f1536cecd205196f0c1321c77ea0e941e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a569518c639a3016fb301034043c0f1536cecd205196f0c1321c77ea0e941e2
SHA3-384 hash: b914c4de71192f1d859baeed86d2e7ea33ab67a6fa787eeee16bd4d1e1cfa3ebd9cad1d0973a2e84524148bbd990de00
SHA1 hash: dd0b068a87f1f98383124c280d4e2d14bcb29320
MD5 hash: 539ebb9d57943512697ec9d152b1d9d6
humanhash: mirror-vermont-low-idaho
File name:hdhvjcyufuyhvh.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:515'072 bytes
First seen:2020-04-29 19:04:25 UTC
Last seen:2020-04-29 20:04:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:E5bkAgY9Hxytpt2NYvEKvEHmk7jpMgxkq9Z:ER4YvyjEOEH
Threatray 5'289 similar samples on MalwareBazaar
TLSH 90B47C59BA71FDBFC5E2A9BB44543C10AD0C6DA60A57F242A05B725CFD7E986CE000E3
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: colorntouch.co
Sending IP: 111.90.141.162
From: Purchasing <purchasing@majuuniversal.com>
Reply-To: intertradeemito@gmail.com
Subject: REQUEST FOR QUOTATION - PR-S/P-100789
Attachment: hdhvjcyufuyhvh.rar (contains "hdhvjcyufuyhvh.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.32633.31479.UNOFFICIAL
Create hunting rule

Win.Packed.Nanocore-7758947-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 03:25:17 UTC
File Type:
PE (.Net Exe)
Extracted files:
48
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bjljkggghgrqc35taebuaq6a6fjwz3gsaumw6datehdx5ihjihra._file
Verdict:
malicious
Similar samples:
19e839e299b4a6f1ddbfb8f1adae91011b0cd40d9d095b5de75004becd7a364c
Formbook
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
Formbook
3fbaa0ca4cd86fb032909b6ba6530930b0ad14aa4fd39b5059380f51c31c3808
Formbook
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
Formbook
568a6bfbf5ce68d84fba719dcbee920751fb52b24890c6a9f6258aa670026d07
Formbook
5b6b8e78568b828610d9d85128e14e34938614f7fc2885569995834678da14b2
Formbook
76333652b5c82499dde362e8892ff2316a455ee5118f6127d6462ec3654cd544
Formbook
c97caa35170c05c95c5b92a03068cfa944ad0d629fdd23d1fd11f7af4d5da095
Formbook
e64a40c05ac395f8751ac149772087476c75ae46a7e7831fbd00b20fd3edcf99
Formbook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
Formbook
+ 5'279 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar da88ecc4491a706d1ac441668ca8f4a23ff5a81edce083292840a5c44565ce5a

Formbook

Executable exe 0a569518c639a3016fb301034043c0f1536cecd205196f0c1321c77ea0e941e2

(this sample)

  
Dropped by
MD5 9c585827409486c8741eb96e2dc79d7a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 da88ecc4491a706d1ac441668ca8f4a23ff5a81edce083292840a5c44565ce5a

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments