MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41c21923000b9bea56012586180de1614b4452b07b0ff0b6b2b2c8de6a16165e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	41c21923000b9bea56012586180de1614b4452b07b0ff0b6b2b2c8de6a16165e
SHA3-384 hash:	ec5628a9d018d4497873d3337d65e8f70e5d7770e80d41a601aac96242e4103a2a0264903ace97a40744909bb87ddb88
SHA1 hash:	57d65b222e81ef6bc4986f55935c50812b5e9d4f
MD5 hash:	bd6b80ede21f02279c4341fce9e9de01
humanhash:	seventeen-idaho-three-carpet
File name:	iiiiiiiiiiiiiiiiiiiiiiii.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	400'384 bytes
First seen:	2020-04-27 23:11:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:CocNoO8iN8xmjKCHmcGuXjoNHkVbeMl8x8JABKxI09+irbG00L9JB8g:TcNotiN8xmjywTadh8JQKK0DrbGfLr6g
Threatray	5'137 similar samples on MalwareBazaar
TLSH	6184BF6C0E3CAD23E69D567AD0E5058C72E9C757C83BE30B9D4229E64F0B752A9112CB
Reporter	c_APT_ure
Tags:	FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Agent-7535463-0

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-01-14 09:11:58 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Verdict:

malicious

FormBook

186ced16f9513049939b723225f7d4c61180a9dbbcb31c739b630a45c465b565

FormBook

1f0e1ce3138f2bea6283f0b28e127952c7d33118056bd7c3b745892aa36ba1e7

FormBook

6c5ba6671a3dbe43968be63321c9c7c0ddf8cf295e4fe4ac114a85517d7b1d9b

FormBook

a74dc03e9148e12ba784bf4c26337ceb1d76778a4e9ba036e1fd5d78f42f8750

FormBook

db2381bce24b9a6dc5dd36eec97d7cd8e9a0c8dd03b8710f109ae37ce7566934

FormBook

de2865a1da0ef59ba900462dc92a276d1a594044e739df34262d4b0f7e86bcf2

FormBook

de55a1b3e711c74c00998d9c4cb0f5da9672b109e2f362ac55f4a9f4033ffbf7

FormBook

eeff5bd221c60c6cfbf6f0bb5a26885c15ab9446c5ad901a0cb8ea39fbdefe0d

FormBook

fa8688776f5af3521ba0bef117fdac64d2473286ad637f9f55313dd2f049c32f

FormBook

+ 5'127 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample