MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cfae9fac2b59c2520f8911a66bd16899886170ff2a5f17f40161ac47f66b0ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 1 Yara 2 Comments

SHA256 hash: 6cfae9fac2b59c2520f8911a66bd16899886170ff2a5f17f40161ac47f66b0ff
SHA3-384 hash: ddfea14f8da1fa9335aa711ebdf6d650cce8368616803e220a67b143f78aa17d04bdcc8647e1a612968d6176b55cb6ef
SHA1 hash: 562ae410121bf87420074a70023c40bbb9e7bcc3
MD5 hash: b0ee0f69d0044d4d4e1ba6fbe7a556ee
humanhash: football-blossom-three-thirteen
File name:b0ee0f69d0044d4d4e1ba6fbe7a556ee.exe
Download: download sample
Signature FormBook
File size:494'592 bytes
First seen:2020-06-30 08:50:53 UTC
Last seen:2020-06-30 09:59:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:tIFhuSYWFYgrKsUc3y2WnO1xzcWmZXe2rkwnbo60T21BOcCSrYDEgfje5ig1ef9:wh8Mz+sv3y2N1xzAZprkmuN/SD5iKef
TLSH 2AB4E0B17A82794DC40D1B7B912299C0EB3291C339EBDB1E67D9073D4DD2B4E8E4065B
Reporter @abuse_ch
Tags:exe FormBook


Mail intelligence No data
# of uploads 2
# of downloads 32
Origin country FR FR
CAPE Sandbox Detection:Formbook
CERT.PL MWDB Detection:formbook
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Noon
First seen:2020-06-26 17:38:00 UTC
AV detection:27 of 31 (87.10%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   8/10
Malware Family:n/a
VirusTotal:Virustotal results 60.27%

Yara Signatures

Rule name:Formbook
Author:JPCERT/CC Incident Response Group
Description:detect Formbook in memory
Reference:internal research
Rule name:win_formbook_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.