MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a75706020d8d39c3ad03dafeb71baf8e555cbc0223f656aa9335420264a9773e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: a75706020d8d39c3ad03dafeb71baf8e555cbc0223f656aa9335420264a9773e
SHA3-384 hash: c280784d92653c0f409906465ff862640b7d4873ec3f338eb5c6dd4c2cea27f6ce4f09d55a50b1ecc80b12df3682c814
SHA1 hash: 586a50b87824f8e45bfe01384ffd1f284c07d15d
MD5 hash: 7497bb431292c04006244714f2c2630a
humanhash: missouri-april-north-illinois
File name: 7497bb431292c04006244714f2c2630a.exe
Signature: FormBook
File size: 696'320 bytes
First seen: 2020-07-01 05:35:43 UTC
Last seen: 2020-07-01 06:54:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3dbf6c2cd2886e109ef90dcce86638b7 (5 x FormBook, 1 x NetWire, 1 x RemcosRAT)
ssdeep: 12288:Se7+LHvP79bjBoxHyzKXAzgqGD4+dCIJuxd6Ur5IScz5ISF+gAuA1KzqrRUyqqjl:dq779bjBoAzKXAPC4VYX/ebP2kcjc
Threatray: 5'125 similar samples on MalwareBazaar
TLSH: 46E4CF21B7D0953BDD6B1BB48C0F6AA86C267D902E99584F3AF80CCE6B7D361342D153
Reporter: abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 2
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2020-07-01 01:19:22 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 2/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence

Behaviour
Suspicious behavior: EnumeratesProcesses
Adds Run entry to start application
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
