MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91864b23c3bfb54a354704f3fa769b25d641fd510aa4854a45f5de5956505e91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 91864b23c3bfb54a354704f3fa769b25d641fd510aa4854a45f5de5956505e91
SHA3-384 hash: e33597d5a1e34c5c8f28ab613b2dcf887a487c47ee12a9ed6e72f38bca9fa231ab9e325c44ac5c758dd775ebda151977
SHA1 hash: 215c3b8a6eb87b1466b5dc38e8784c0b176e8ac0
MD5 hash: 44f4cbe95fce72b86d4f84717fb752d3
humanhash: yankee-quiet-harry-zebra
File name:Order2.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:1'490'432 bytes
First seen:2020-06-16 10:45:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e25804e2476796e2e14492adb0d1133c (7 x FormBook, 1 x NetWire, 1 x RemcosRAT)
ssdeep 24576:msE+vF8Th7G6rdhASVNe1/hqIiHsCTM7x:msEmIQSjiBiM
Threatray 99 similar samples on MalwareBazaar
TLSH 84658D37A3D17476C1E63EB9D816C69E58DEBDC01A94107F1AEB4B0B1A2B661333C172
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: slot0.nextbugaero.com
Sending IP: 45.95.169.180
From: Nicole Gapes<info@nextbugaero.com>
Reply-To: gapes.nicole@yahoo.com
Subject: Price List
Attachment: order2.img (contains "Order2.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10892/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader33.54874.8500.28600.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Exploit.BypassUac
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 10:47:05 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sgdewi6dx62uunkhatz7u5u3exled7krbksikssf6xpfsvsql2iq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
23808af89fdb7af9f2b747f6a339122177e7abc79136a411f24831cf329606b2
FormBook
36abbef320573be77f282a10faa2413d38710d336ab7c61eb31a8f0ee572f6f6
FormBook
6ecd0fd68547a4d37029ffff903e0fb2698b98c8774aaa9b2593b4f4936cd812
FormBook
70dea2916d0ca9c6cbd5414addb05007b7ece30a36129de2733cd5373710ee99
FormBook
7246bf76c555a29cb79c124fb1e17001ffcd4625e99fdd552ff9fe88427a0e48
FormBook
785790e2814af826f66cf31460fdcf7ce48513c6f451fca29fa52f101dd65b00
FormBook
7c7a7c3e89daeb57bcd8fe5a895461161efafa3a5b2f111e0e23aff6b3f9535a
FormBook
b4cc964b3b1f415fccc67c3a67bd73c6841a6438c4e0725fe8b44602ebece89b
FormBook
c24fa17848ef43bb56832a37269703dc8ee023e71ad2c3ff95a421288a63f20c
FormBook
e3e778591453a54d2cbd3ab1bb4ecb69ed94222f248aac24a95fb951fc6101f0
FormBook
+ 89 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-sy21l6f4ln/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img e6c7fded730b3a7330e68f13c2b540a886b05d276a5c4ec3536a9c9813cc5e34

FormBook

Executable exe 91864b23c3bfb54a354704f3fa769b25d641fd510aa4854a45f5de5956505e91

(this sample)

  
Dropped by
MD5 5e2349edf78491f2e793543978e0bd5d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e6c7fded730b3a7330e68f13c2b540a886b05d276a5c4ec3536a9c9813cc5e34
Cape
Cape
https://www.capesandbox.com/analysis/10892/

Comments