MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c24f35c4f744e2ab5aaa0c950506bc3c9753507848d9094a3359da507a96b861. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: c24f35c4f744e2ab5aaa0c950506bc3c9753507848d9094a3359da507a96b861
SHA3-384 hash: 53ea1af4445ad35634b1236fe405aafb0d6e63278fc3c9d676762b1ff4d1d513f39078e62db3f3e51646b72d3db89e49
SHA1 hash: a4ee19e62c6ce048c7739724827c944473ba0966
MD5 hash: 14e098c83e4d4afbea1bb65e8e7ca7b9
humanhash: massachusetts-vegan-emma-stream
File name: SecuriteInfo.com.Win32.Herz.B.19823.29450
Signature: Formbook
File size: 699'392 bytes
First seen: 2020-07-08 01:41:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 927c37aff1985dca3a480112dcc5320c (11 x AgentTesla, 5 x NanoCore, 3 x Loki)
ssdeep: 12288:0XjgbnMmIKCXsLIN4KKD6fpkR+ypsKtvP1QZTQC+ILopSxzb8iSQsrhsl/UINC:Skb4uLgpfpkZqGju/
Threatray: 4'930 similar samples on MalwareBazaar
TLSH: D9E49F22F7A1C837C16316799C1B5778983ABE103D2879862BE55C4CDF39381397AE93
Reporter: SecuriteInfoCom
Tags: FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Launching a process
Launching cmd.exe command interpreter
Reading critical registry keys
DNS request
Setting browser functions hooks
Possible injection to a system process
Stealing user critical data
Unauthorized injection to a system process
Deleting of the original file
Unauthorized injection to a browser process
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-07 23:33:14 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe c24f35c4f744e2ab5aaa0c950506bc3c9753507848d9094a3359da507a96b861

(this sample)

  
Delivery method: Distributed via web download
