MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3
SHA3-384 hash: a64d98b49c4bd8fc03550c63c9abee15756d5e17eba6c954e68e518970c2a71e252ffa08f1e7e9f2c6e64316940d1265
SHA1 hash: 2e9bba95167e8012d57d01662de10030f1267a87
MD5 hash: 947a94da452850dd3161651c5030abe1
humanhash: may-lactose-hydrogen-lemon
File name:Purchase order_030420.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:247'296 bytes
First seen:2020-04-04 07:14:06 UTC
Last seen:2020-04-06 06:01:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:nEomp1OX2+H6NcZ6t4Z7QltX8zi3bXXyLO:E/pMm+ZPd69O+zX
Threatray 5'163 similar samples on MalwareBazaar
TLSH 4C34018976F9151BCB3E15F0FD625B56C7BA116AB267F38F8DC0A8F114897D24003AA3
Reporter JoulK
Tags:FormBook

Intelligence

File Origin
# of uploads :
3
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33606026.28759.32582.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-04-04 13:04:19 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hieajnpog23gvjcdihl7sol4xezjd7lyqul6mmvsw2qam6ff5prq._file
Verdict:
malicious
Similar samples:
157ef05047452109ec1552af00806f1469254bc14a5cc942e41180ee82d508a7
FormBook
2f771c3a96ef9ec780781a8082aa6aa1f0d885224e6feef33f3cd7bf5e847a48
FormBook
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
FormBook
3beb95c4f83e5f7d1af897311a6cd1d8abfb04c656ca73d7f4c8db6ad6e5d150
FormBook
7d59dfed8b95da94664078ba62cc2b0eb6d1a346b6d4d480aef47800680c74a5
FormBook
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
FormBook
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
FormBook
d994985a0e58672d0274aa6d90e7c420858e61ba9a42f1d8650a793de687714a
FormBook
ee886ad4641b398a0c45a2e4395d031727c8caf0054962d0ecb868a0112758a0
FormBook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
FormBook
+ 5'153 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 3a0804b5ee36b66aa44341d7f9397cb93291fd788517e632b2b6a00678a5ebe3

(this sample)

anyrun
any.run
https://app.any.run/tasks/59c404ff-062d-42a0-ae44-51293b01abb1
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments