MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36abbef320573be77f282a10faa2413d38710d336ab7c61eb31a8f0ee572f6f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36abbef320573be77f282a10faa2413d38710d336ab7c61eb31a8f0ee572f6f6
SHA3-384 hash: a3fa09e219d7f5604cad5fc670f1263433f3e6f86781c28ca83b20c6f741e8cf742865a14e47bad16cce1373bee83fff
SHA1 hash: efc684da67942642d7e035f4a9061323ca129aa0
MD5 hash: 4f982d15ccb22d48bf458e4e9bbccb1f
humanhash: lithium-floor-king-salami
File name:Kmquazw.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:1'254'912 bytes
First seen:2020-06-12 14:24:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 70411d486e9bd9bdaaf2d4939bbd54bc (1 x NetWire, 1 x FormBook)
ssdeep 24576:6aXcbtJOhBn2j4byGtIW3n/jlToooooooooooooooo:6aXqO2sbyGxToooooooooooooooo
Threatray 2'233 similar samples on MalwareBazaar
TLSH E1456C22B7914C33C1331A3DDC5B9679E82ABE511A24A8C62BF83D789F75341392D1B7
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10074/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader33.52581.22244.7308.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 14:25:07 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g2v354zak456o7zifiipvisbhu4hcdjtnk34mhvtdkhq5zls633a._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
23808af89fdb7af9f2b747f6a339122177e7abc79136a411f24831cf329606b2
FormBook
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
FormBook
608a80fead8047545beea311f70ac37dcc5c97fceb2961b9cbea9fb6940dc3eb
FormBook
6ecd0fd68547a4d37029ffff903e0fb2698b98c8774aaa9b2593b4f4936cd812
FormBook
91864b23c3bfb54a354704f3fa769b25d641fd510aa4854a45f5de5956505e91
FormBook
c24fa17848ef43bb56832a37269703dc8ee023e71ad2c3ff95a421288a63f20c
FormBook
e3e778591453a54d2cbd3ab1bb4ecb69ed94222f248aac24a95fb951fc6101f0
FormBook
e65953c2d6e33c5da860ceac22ef685533e9b43bb3986e8e136eec82a5f5e547
FormBook
e825c5b9c196015372cc2153f670cdfec42827fe20aff62c5d493b67fd9c92f1
FormBook
ef14e580eca50b75acae60fa7c6642fa89fc91ee8492f5193608937f4d78781b
FormBook
+ 2'223 additional samples on MalwareBazaar
Result
Malware family:
modiloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader trojan
Link:
https://tria.ge/reports/201109-9rrnj8hpq2/
Behaviour
Suspicious use of WriteProcessMemory
ModiLoader First Stage
ModiLoader, DBatLoader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 36abbef320573be77f282a10faa2413d38710d336ab7c61eb31a8f0ee572f6f6

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/10074/

Comments