MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 474af43d204f161ca0f2138812a1081fa7a09e5a64dc862cda83a8f23a3ff88e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 474af43d204f161ca0f2138812a1081fa7a09e5a64dc862cda83a8f23a3ff88e
SHA3-384 hash: a278f1308549f23b4f6929b06db2c70d5ab927ae09fc6a6ba1649549b50891b96e3ae44505b4c7f5b3d09aa6623a29b1
SHA1 hash: b6802fe01f771015e37c7e279dc17c1180328086
MD5 hash: 07d7d1f8aaec814b28f44fda199a974f
humanhash: october-july-speaker-kentucky
File name:DHL Shipment Notification 20072045127.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:294'400 bytes
First seen:2020-04-30 07:52:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:BUXohgxMSZdV1RKs9Oadnykv9+GQBhlaM90diLcAgkRSBmJlsD6xzlro:sMer15QaP9+NvQT8Lom4D638
Threatray 5'094 similar samples on MalwareBazaar
TLSH D15412BC6A28EC13D5BA5F3D78635F4942F04C2B7A4EFB578A9838046D7A78007D64B4
Reporter abuse_ch
Tags:DHL exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: k023.k023jp4238.info
Sending IP: 160.16.147.59
From: DHL CUSTOMER SUPPORT <customerservice@dhl.com>
Subject: DHL Shipment Notification: 20072045127
Attachment: DHL Shipment Notification 20072045127.img (contains "DHL Shipment Notification 20072045127.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 17:25:47 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i5fpipjaj4lbzihscoebfiiid6t2bhs2mtoimlg2qoupeor77cha._file
Verdict:
malicious
Label(s):
nanocorerat
Create hunting rule
Similar samples:
11bd0634bb7c4af4391c544efdf458686bc52b75ce6919469ad01e7bf11bdb1a
FormBook
186ced16f9513049939b723225f7d4c61180a9dbbcb31c739b630a45c465b565
FormBook
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
FormBook
3090f005fcc23beec6754643f4518fc4180d5add99a42bd376e45fba69519491
FormBook
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
FormBook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
FormBook
a55e0055555b9fd9a4434bd07b5f9b60b98f5e587b8fccdf4aabe2f55d3290ca
FormBook
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
FormBook
ebfb1ff1b4c2b59183abffb8fbc8fd8271d0756868ceca9b72b26cfee8030ec9
FormBook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
FormBook
+ 5'084 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 1d0c5b8ada78384c5f0c4239797189173e795533b34a9f8f687367c5aa72e008

FormBook

Executable exe 474af43d204f161ca0f2138812a1081fa7a09e5a64dc862cda83a8f23a3ff88e

(this sample)

  
Dropped by
MD5 19c42260b8bb57bb36961b64a94fc313
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1d0c5b8ada78384c5f0c4239797189173e795533b34a9f8f687367c5aa72e008

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments