MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b7aafdd3549d2f40208d8cbf57b3763d033bfe15a31541a3ca7329e7c2d61d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 9b7aafdd3549d2f40208d8cbf57b3763d033bfe15a31541a3ca7329e7c2d61d6
SHA3-384 hash: 7f03f57ef5c82c466cd5b015fc91a5d120a5e68933ba0298a8617c4ee7b46b1e8c8acfb2ce1ab84162dbf10ef125b4ca
SHA1 hash: a9c755ddaeab8f0e83b88000eacbb717ee65e022
MD5 hash: 270199b6164dcb62a44eb138479a213e
humanhash: sixteen-seventeen-neptune-speaker
File name: 270199b6164dcb62a44eb138479a213e.exe
Signature: FormBook
File size: 333'312 bytes
First seen: 2020-05-18 13:52:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 25fec3188ac5c27c58ff9b7a5e8a7344 (3 x FormBook)
ssdeep: 6144:jFPYi6T77ZB9wbY1GVoap1DkYPo5hWGAS3KWo3yjyXDzdk3N:jFwiw730zV8AAo3yjyzzdk
Threatray: 2'226 similar samples on MalwareBazaar
TLSH: 4B647B22F62CCEB8D13F94367A92CDAA8DC95DB3242E4C55C578E312C5BD6D1C84B272
Reporter: abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-18 14:41:00 UTC
File Type: PE (Exe)
Extracted files: 7
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 9b7aafdd3549d2f40208d8cbf57b3763d033bfe15a31541a3ca7329e7c2d61d6 (this sample)

Delivery method: Distributed via e-mail attachment
