MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70dea2916d0ca9c6cbd5414addb05007b7ece30a36129de2733cd5373710ee99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70dea2916d0ca9c6cbd5414addb05007b7ece30a36129de2733cd5373710ee99
SHA3-384 hash: 0d78c3bafe1f535af14bab3f41fd5eaa2c8dcec452f0b324069446b5187034c2930bf8b01eb36576020129a2d3adc518
SHA1 hash: 41deb769c3dcc4710c610845f4da53c07e3944e5
MD5 hash: 1f9ca14d7de227bebdb754c6b35225d4
humanhash: moon-dakota-utah-yellow
File name:file01.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:1'490'432 bytes
First seen:2020-06-18 05:27:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e25804e2476796e2e14492adb0d1133c (7 x FormBook, 1 x NetWire, 1 x RemcosRAT)
ssdeep 24576:EsE+vF8Th7G6rdhASVNe1/hqIiHszTM7x:EsEmIQSjiBiM
Threatray 144 similar samples on MalwareBazaar
TLSH 88658D37A3D17476C1E63EB9D816C69E589EBDC01AD4107F1AEB4B0B1A2B661333C172
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader33.54874.8500.28600.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Exploit.BypassUac
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 05:29:07 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=odpkfelnbsu4ns6viffn3mcqa636zyykgyjj3ytthtktonyq52mq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
23808af89fdb7af9f2b747f6a339122177e7abc79136a411f24831cf329606b2
FormBook
4c1fe4c0f5d8d1277036802c83df3e083b31318dfc2c194ce93b7169d7ba6e3d
FormBook
6ecd0fd68547a4d37029ffff903e0fb2698b98c8774aaa9b2593b4f4936cd812
FormBook
7246bf76c555a29cb79c124fb1e17001ffcd4625e99fdd552ff9fe88427a0e48
FormBook
785790e2814af826f66cf31460fdcf7ce48513c6f451fca29fa52f101dd65b00
FormBook
7c7a7c3e89daeb57bcd8fe5a895461161efafa3a5b2f111e0e23aff6b3f9535a
FormBook
82621455e0c9ed9c46f6947beeaf2c5a6962a035eea50b337fad6368b5a6485b
FormBook
91864b23c3bfb54a354704f3fa769b25d641fd510aa4854a45f5de5956505e91
FormBook
b4cc964b3b1f415fccc67c3a67bd73c6841a6438c4e0725fe8b44602ebece89b
FormBook
c24fa17848ef43bb56832a37269703dc8ee023e71ad2c3ff95a421288a63f20c
FormBook
+ 134 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-y4dd18852x/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 70dea2916d0ca9c6cbd5414addb05007b7ece30a36129de2733cd5373710ee99

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/19588/

Comments