MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2df514e021d7b92b4c12d4a4c37b67e012483b18142c7b7cf562180584b8eb27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2df514e021d7b92b4c12d4a4c37b67e012483b18142c7b7cf562180584b8eb27
SHA3-384 hash: 5b1cdeadad9e4271416ed7c2353329b602dcc9da81ef313971aa6c08b873d67ff028c8e90f63f2024026a4bfb5d7856b
SHA1 hash: 4920c76cfb8eacd4669ce7e74599957486a7471f
MD5 hash: 4b31f8c745416ae19a648ffb9dd14ed9
humanhash: fix-bakerloo-fish-lion
File name:PO_27april.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:481'280 bytes
First seen:2020-04-29 16:39:04 UTC
Last seen:2020-04-29 18:12:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:U6q4nY5YYkMilATlXPQzeN+2vwQmZZT0Qt44CMBwFW4fyvycm7rZ0vnhAp080Oqw:PM3lfQGmZp0MQMBwFW4ff7Ov7OqKoeH
Threatray 5'308 similar samples on MalwareBazaar
TLSH DDA4AE97284486ACCE6D51F26347894473E5DCFFC908E7096FC9235B5EEABD20821B1B
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: cathay-food.co
Sending IP: 111.90.140.123
From: Kelvin <info@dmmachinery.net>
Reply-To: piusequip20@protonmail.com
Subject: FW:we need supplies urgently
Attachment: PO_27april.zip (contains "PO_27april.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.66830.11939.32528.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 21:02:57 UTC
File Type:
PE (.Net Exe)
Extracted files:
20
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fx2rjybb264swtas2ssmg63h4ajeqoyycqwhw7hvmimalbfy5mtq._file
Verdict:
malicious
Similar samples:
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
Formbook
2548272de2d930f99b953bf466d49d5f850f4f9105ff420937edfa9ae70aff7d
Formbook
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
Formbook
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
Formbook
5b15b1fd3bf2eef911358d7125b5120eb716dcd75af883cd133dc0e346988c85
Formbook
7b374209103049367377912f01bee277ac736b1f7d0010b87e8fac5c18986dff
Formbook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
Formbook
c4cd89d489b7605791a6cbb36b373089c926972fe51b5ddaa584f0870febf58f
Formbook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
Formbook
fb000356c5a5e099f9298966a08d806286aab7a9c54f324437a7248af114c109
Formbook
+ 5'298 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 3518e76553d46d9023689920bf56f66b8a0a1384e4740623e9b1fd7ae7db1b45

Formbook

Executable exe 2df514e021d7b92b4c12d4a4c37b67e012483b18142c7b7cf562180584b8eb27

(this sample)

  
Dropped by
MD5 7cb5ea3806a9be8156afb989753bd10d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3518e76553d46d9023689920bf56f66b8a0a1384e4740623e9b1fd7ae7db1b45

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments