MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 218a9186e336f916762f64853f94cab4f6edc3c5cb8cca7a3a84cbdec2ee51cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 218a9186e336f916762f64853f94cab4f6edc3c5cb8cca7a3a84cbdec2ee51cb
SHA3-384 hash: 380e541aba7388a770488a53e8617e4a19d5d689305a98c0af66bbccecfed7b4833ce92a9c78560c6ed157a7e1a525dd
SHA1 hash: 50875221189d6495f846b6b5a14c606afb79ee1a
MD5 hash: e1912a8e72fc1d3f2720245cc6c50f13
humanhash: massachusetts-july-vegan-butter
File name:e1912a8e72fc1d3f2720245cc6c50f13.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:576'512 bytes
First seen:2020-05-18 12:58:12 UTC
Last seen:2020-05-18 14:26:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:cqhljE9ZtYAs8Ob5RWZ+OfNsT1deVC6uJ7jHRsV:phmXSxRWD
Threatray 5'393 similar samples on MalwareBazaar
TLSH 66C419AB213CE5DEF85EBCB689541F24AA706C66423AD103D01F3DD9E93F597CA140E2
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaA.21428.66.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-18 14:41:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
18
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=egfjdbxdg34rm5rpmsct7fgkwt3o3q6fzogmu6r2qtf55qxokhfq._file
Verdict:
malicious
Similar samples:
1b2ffcf595970b69b94816a16890b7f0664f00dfea87fbc0df5abe453baedd41
FormBook
35b0f0ea8e64564dacb06fb7c9c4816cbe2962e27c72e83b6cca54c92582a620
FormBook
4e8ddcec5c75934d0418b3f5f66c20925bd67b6acda0bb0c3a0ee684865a6e4b
FormBook
5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
FormBook
6830866e2d41b970c95172f9a156522c72cfd238f846c02c19827b2100fc5deb
FormBook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
FormBook
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
FormBook
a492b017c3e12fe55493c562ed1304155616cb61b24f6dce0bfcd3eb7a7bdaf5
FormBook
ad0c0d03282b4abf01f435f798fbb71d0243714518f265fc8f102f909822e671
FormBook
b3349406861e76bfb84f4757a646c3fe94eb5e1cd27abeeffa48aabb6c8fa4d5
FormBook
+ 5'383 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook rat spyware stealer trojan
Link:
https://tria.ge/reports/201109-lpckqysdhn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.flycoz.com/te/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 218a9186e336f916762f64853f94cab4f6edc3c5cb8cca7a3a84cbdec2ee51cb

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments