MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954
SHA3-384 hash: 0c0fd4fbe859dc2f4917b41fa1602ffaa50e6dc3a7b88266f6c75250ad78f9cf424e095f23e5b62f6d0fbd8fde5edcb5
SHA1 hash: 4ecb0c52aac20465e46e46514f0e23a8bfbf83eb
MD5 hash: 4b1ad896be5b7e954882fce34bd1072b
humanhash: carbon-robert-hydrogen-jupiter
File name:4b1ad896be5b7e954882fce34bd1072b.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:1'247'232 bytes
First seen:2020-06-17 06:00:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep 24576:mAHnh+eWsN3skA4RV1Hom2KXMmHalgNPaJWOmHja3rW1R5:Bh+ZkldoPK8Yalka4OOor4
Threatray 5'227 similar samples on MalwareBazaar
TLSH E245BE0273E1C036FFABA2739B6AB60556BC79254133852F13981D79BC701B2267E763
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/19105/
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 06:02:08 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dtejtjp4ji7h7yoj2etfwyfe7l2rxqo7hzfslqeis6lvkqipvfka._file
Verdict:
malicious
Similar samples:
035c2fa5d912202dd34e8410b14a42b0db007c2be8ed819bbc444f9818497f5b
FormBook
154abcf7b4d3b8ff3395661ee7a03dc8e473f9dc3fb51386a1c49d881bc62387
FormBook
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
FormBook
4adb6a21c1056dafc19fe22df99b061d94e25e258aa4ff3c35fb8cc65faa2c17
FormBook
532b875f09991cdf7b57db59f0f7aa579d49b229d65ad1ace9f67bf6ffc7bca5
FormBook
6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b
FormBook
7d667845924245b2c6acee25a643afab5ad0a822614574c93cbf19ff0bb4f8c4
FormBook
8b379923380c07a3447ec8dcba32e4522102f3e5a9b40ce74afd32bcc1d074e6
FormBook
b3b093d992d26b0d21a61a778598abd5dd87649a89f724c2798f60f9dc19de1a
FormBook
e6d371badc121f232f4305f3a50f0a136d1b7edbc3337414ca692c26ae41986c
FormBook
+ 5'217 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
trojan spyware stealer family:formbook persistence evasion
Link:
https://tria.ge/reports/200624-tcdvrfewss/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
System policy modification
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Drops file in Program Files directory
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Reads user/profile data of web browsers
Adds Run entry to policy start application
Formbook
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FormBook

Executable exe 1cc899a5fc4a3e7fe1c9d1265b60a4faf51bc1df3e4b25c088979755410fa954

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/390007/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/19105/

Comments