MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29b04cd4f25b88b9f35f2e7a34569415b985677834d699255e417a0ed62d68a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	29b04cd4f25b88b9f35f2e7a34569415b985677834d699255e417a0ed62d68a8
SHA3-384 hash:	f3afa7aea2d55a38f398672378b14b0a62a2d7435e6ff5f3199b42f38d6d9ffc93440af0c2696e1d437ae97dbcd48bb4
SHA1 hash:	067f9bd59d157b3ddad596dda990cdea67dd12e6
MD5 hash:	bdbf1d3bee8c9fe8f98f5f804b6f1efd
humanhash:	network-bulldog-louisiana-friend
File name:	bdbf1d3bee8c9fe8f98f5f804b6f1efd.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	358'912 bytes
First seen:	2020-06-01 07:24:58 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f22635dbd118c4c2567a245ddd95bb69 (9 x FormBook)
ssdeep	6144:3txrK5KfWGkUtcX3A6E12UsBSX2lFYwfHbOw:LKYfW7U+X3hEoUQlCwPq
Threatray	5'323 similar samples on MalwareBazaar
TLSH	B574E140FE2098FEF595C3BD1C90AA813A38BEB1916130EB7BC5BAC459771E315B6321
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

77

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Noon

Status:

Malicious

First seen:

2020-05-31 20:58:25 UTC

AV detection:

21 of 31 (67.74%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fgyezvhsloelt427fz5divuucw4ykz3ygtljsjk6if5a5vrnncua._file

Verdict:

malicious

Label(s):

emotet

trickbot

Similar samples:

234feef75ecf92d540072179eb153e188eb548237ca875ca54c9654c0dbb38fa

3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b

436ee1bd9706512d8884d07a51f806155ca2d95b3a584ceb57a87260cf19690d

440210947a4e6ccdc60e1447ee39bac99cb2e3806b3d5db06d5758cc4ac6cc50

474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f

590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23

6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b

953a210d8cf8b14a042c8e655b497fa5623cc5e557cddc7c79a418fe826c5e2d

9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264

c6bed06259f7c50c2b15e8161d5b1fa11690e69a7e5bb3261202debfb7d96708

+ 5'313 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-sjk7891r1x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 29b04cd4f25b88b9f35f2e7a34569415b985677834d699255e417a0ed62d68a8

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample