MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e96f7a6b4dd1d5251af4962a9028aac90c2ceb282495018c2d879ebf583f9ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	2e96f7a6b4dd1d5251af4962a9028aac90c2ceb282495018c2d879ebf583f9ea
SHA3-384 hash:	d3104e7161fbc815c2ce680ac887332883a41f22fde262c676b61ed2680c30e5fb196347a9171a43bafa6c5399193181
SHA1 hash:	a4c5a93a7304b61745a0e2268634c8feb5c09022
MD5 hash:	1bd39d112cfa62ded925b77652507e48
humanhash:	south-hamper-pasta-victor
File name:	eER8H4h9QVFZRP1.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	404'992 bytes
First seen:	2020-06-25 16:50:45 UTC
Last seen:	2020-06-27 07:35:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger)
ssdeep	12288:esO9OA8mn29zbnEp0ZpJFS5XvgyVoUButIt:esO9OAtnUcp5oUQIt
Threatray	5'210 similar samples on MalwareBazaar
TLSH	EE84E15503589FA6D6BD8B79D0A21018C3B8A103A12FF7A9DFC075ED1CE33E1944A7A7
Reporter	James_inthe_box
Tags:	exe

Intelligence

File Origin

# of uploads :

4

# of downloads :

81

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Formbook

Link:

https://www.capesandbox.com/analysis/14467/

Detection(s):

SecuriteInfo.com.Trojan.Inject3.44022.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Creating a file

Launching cmd.exe command interpreter

Setting browser functions hooks

Unauthorized injection to a system process

Unauthorized injection to a browser process

Detection:

formbook

Link:

https://mwdb.cert.pl/sample/2e96f7a6b4dd1d5251af4962a9028aac90c2ceb282495018c2d879ebf583f9ea/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-06-25 16:50:32 UTC

File Type:

PE (.Net Exe)

Extracted files:

10

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=f2lppjvu3uoveunpjfrksaukvsimftvsqjevaggc3b46x5md7hva._file

Verdict:

malicious

Similar samples:

07d614e422ec5b2dbd4c0fbe9232bd0e06bc2e910bad7a6f8721eec2a2c608ae

172be7bb49ca26c5c67465ac2581d08f6301ffccf25fd319e3bc408db5c8a4d3

5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35

6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b

7446d879b612cbb16df459967a8b8e9149d2601fe6e62bcf1fe3f3a58ad7d771

9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264

b042e4bdfe19df2aa474fd5e2294aecc9a07d447c96466db7a7e20316d885634

bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0

bea57ca7d937bc5b3507382ba5fd4c4c155181a56cdaf0fba225e4aaa10699ec

eaf38856854d7a07f62a61ae80205ca9561eb93449224f4903209ec397b9bd4a

+ 5'200 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

evasion trojan

Link:

https://tria.ge/reports/200625-5jtpc2ja62/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

Suspicious use of SetThreadContext

Checks whether UAC is enabled

Deletes itself

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/14467/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample