MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b8a6fb8c7c1b4543c6076d63b4fadeeb78f2e2f87267f53728102ee7daab41c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b8a6fb8c7c1b4543c6076d63b4fadeeb78f2e2f87267f53728102ee7daab41c
SHA3-384 hash: 3b40a556354205374f38fd0fcacf09e8da64b3c4997429480fcc22066c3c8b0251c6028f8c6feb1e683570942cdbdf0d
SHA1 hash: 5a37ec5d18c15f59aedb06b60a114549b148c319
MD5 hash: b01d554d0220c228a384bd103a7c2b18
humanhash: cardinal-snake-purple-hydrogen
File name:Request list.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:437'248 bytes
First seen:2020-05-01 09:05:12 UTC
Last seen:2020-05-01 09:47:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:u5gTOiyIoEfecd+bdu487WZKRJtX7/TE/RQIblxJuS0Z8+qTINHJqs7O:YEGcgbdDEEMJGRj/otq
Threatray 5'158 similar samples on MalwareBazaar
TLSH 6E94BF174698461FFEFE47B8D0682550C3F5A57B62C2F74E89A041BC48BEB95EC83263
Reporter cocaman
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.43686.847.15983.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 08:50:55 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tofg7oghyg2fipdao3ldwt5n523y6lrpq4th6u3sqebo47nkwqoa._file
Verdict:
malicious
Similar samples:
0ee92e10272c64a4416e2851c4fd4f8dfe600ce238445e3c4b8288f5aaea9ef4
FormBook
16e85e5268ed68c1741fd6293948d18a7ac9a2854e0938a015f8a894469f88b6
FormBook
1eebb3e709b273372a1edf1ef713c7cd68e90370251b4e15e5f5ec8a9328d816
FormBook
30efd997c49aae97766539c72d72529b06f1e8522ea84e71758cde4ed1846921
FormBook
387119236c9bd4c60215cab8efae3cdd16a0fe9906d83016b2dc8ee425fad40d
FormBook
752c7e3a906d1cdc7a42b1baa549ee1790b52316bb98b99e9a62206d00558568
FormBook
75952934e5ef6bb74f29c3320ef112e219cc953dc5ed8c351d742448f61161ff
FormBook
923a8eab7773b5be5e3e380de1505a2c6c71f7b82329e9f3b3ff1461dc057610
FormBook
afc658f07e5da5c8071754e973e37fb7712e1f13a5a23a6baf440cd35e60fd76
FormBook
f4c535616a04819e9553cb3dbac66db0021065fb89a5e5c799c0b4eb301fb582
FormBook
+ 5'148 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

zip c073bf8fe7bc6caeb74a2f35bdfb6a0852b0e9ffabb0e906ae339e173f040a9e

FormBook

Executable exe 9b8a6fb8c7c1b4543c6076d63b4fadeeb78f2e2f87267f53728102ee7daab41c

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 c073bf8fe7bc6caeb74a2f35bdfb6a0852b0e9ffabb0e906ae339e173f040a9e

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments