MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e13e14b2d390dc75cc450654d0201bb43366bc2e4a028e0f5566630fea12630. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: 1e13e14b2d390dc75cc450654d0201bb43366bc2e4a028e0f5566630fea12630
SHA3-384 hash: 3e581cd33d18957eb7d41a125bcd64583c88c9da417d3696f6f7efeeb76c49b6cd94ce8f3a1dd1327a5ef753601f6de3
SHA1 hash: 896101735f27c2b40695bb7727dcb889f61afb74
MD5 hash: 3270f89a953f6ba0eab5ebc529b313d2
humanhash: lima-hamper-friend-romeo
File name: Quotation_Request_IMAGE001_IMAGE002_IMAGE003_IMAGE004.exe_
Signature: Formbook
File size: 991'744 bytes
First seen: 2020-07-10 08:18:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep: 24576:qrBQslhtW3DmwTWdam4wfP7slhtWOupU:qnhtW3DnmarGmhtWnm
Threatray: 5'168 similar samples on MalwareBazaar
TLSH: 40259D31FAA19919E77D8EF5887272D09E226B561D03D3CB1BA831D9C8FF3052D4E612
Reporter: oppimaniac
Tags: FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Launching cmd.exe command interpreter
Possible injection to a system process
Unauthorized injection to a system process
Deleting of the original file
Unauthorized injection to a browser process
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-10 08:20:06 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
