MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e099b3ffd5c33889e0e3c3dda64554300169b3802dcaabc8da9a8d35d126b31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 5



SHA256 hash: 1e099b3ffd5c33889e0e3c3dda64554300169b3802dcaabc8da9a8d35d126b31
SHA3-384 hash: e8128d2f967a5d9b14fe0119b82e847c8ea91924cec651a049ac2253a797c46cca058a3c6e831838430a0c2d1b5092e4
SHA1 hash: 276f1cdd043a0a8f4c5c434d203ea469d0847d36
MD5 hash: 5a0dd5c2d7faa1ca76c3a45abcc573b2
humanhash: oven-echo-louisiana-florida
File name: SecuriteInfo.com.LuheMalumA.14299.8772
Signature: FormBook
File size: 1'240'712 bytes
First seen: 2020-06-16 09:00:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9bdc2c6f7d366eb77d2976680654abfc (1 x FormBook)
ssdeep: 24576:lQmmTczQxRHJZay0tvW18Jk34VGPekPr8d3/:+maxRjay0tvs4Qm
Threatray: 5'274 similar samples on MalwareBazaar
TLSH: 8D452A03BA047552C892D4B04914B2FC2428AE7B1659F807A398FF764E769D3797CB3B
Reporter: SecuriteInfoCom
Tags: FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2020-06-15 12:41:39 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Adds Run entry to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
FormBook
Executable exe 1e099b3ffd5c33889e0e3c3dda64554300169b3802dcaabc8da9a8d35d126b31 (this sample)

Delivery method: Distributed via web download
