MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47d0a3fd48775f1ebe0290c493c5f485581e766c1ee4e6d2c7f1dbc077645079. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47d0a3fd48775f1ebe0290c493c5f485581e766c1ee4e6d2c7f1dbc077645079
SHA3-384 hash: 839a29f85f686182bc25d047adf2996cc5e9cdb2519198f1ad6a3acf7741803940c39071427d8a7410e1deb92b3eafe8
SHA1 hash: 5e026ec880a5078e93941ec4031fee005b1820f5
MD5 hash: 7f065658b3539f0fe9f984bb17fa4be7
humanhash: quiet-south-montana-blossom
File name:Payment Swift Copy PDF.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:295'424 bytes
First seen:2020-04-29 16:38:59 UTC
Last seen:2020-04-29 18:12:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:T6q4+Y5YYT1D1raCRZzXS4vL7icBW7jSWPmH3SBgAvQYP311i:C1ZLTXH2NXbmXSIYvK
Threatray 5'135 similar samples on MalwareBazaar
TLSH 485412B8566C737FC0EB867814868C1A7286906BD183F7D91DCB0ABE70EBBE43455183
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: vps.dailycom.com.my
Sending IP: 162.144.148.93
From: Slin Plicharoensuk <import@fsc.com.pk>
Subject: RE: outstanding payment completed
Attachment: Payment Swift Copy PDF.zip (contains "Payment Swift Copy PDF.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Banker1.29984.2334.9437.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 01:36:27 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i7ikh7kio5pr5pqcsdcjhrpuqvmb45tmd3sonuwh6hn4a53ekb4q._file
Verdict:
malicious
Similar samples:
09c8b2cb43b6f29d1dd7c642178ab2d89357005f7928dfb6ff5bdddba7be2891
Formbook
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
Formbook
286add28a79440668077a7d762ee81ee169f1c08daa27bc680dbf8c8832d2785
Formbook
3bd58e3b3fe712e8d7595cfbd576a96251c68a5dac230bd3e778640e8eb817ec
Formbook
48bef4e5d2768c5ccbbc84d922a276484ce75ed236a72441b5148d7a541a52e3
Formbook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
Formbook
895e7e85e398a6bd3615a8453c1ed21979a2676fa84af0e53077635f812b64fc
Formbook
a32eb45d58adc9019886bb3103c8b90b7fc9d8de514bfd3834dc6c626b14a6d1
Formbook
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
Formbook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
Formbook
+ 5'125 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 1f4e2d3778b8ea8c6fc9da94d6c364943f4487f6178e0f7e17b82a1567189d9f

Formbook

Executable exe 47d0a3fd48775f1ebe0290c493c5f485581e766c1ee4e6d2c7f1dbc077645079

(this sample)

  
Dropped by
MD5 7de1383f89a35e4f30688159114c4710
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1f4e2d3778b8ea8c6fc9da94d6c364943f4487f6178e0f7e17b82a1567189d9f

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments