MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c24fa17848ef43bb56832a37269703dc8ee023e71ad2c3ff95a421288a63f20c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c24fa17848ef43bb56832a37269703dc8ee023e71ad2c3ff95a421288a63f20c
SHA3-384 hash: e8897cc1874c2b0135c04a1e6f3444a1cb2fbcfbc656ddc9451fdfc77a7c001ed0d68020bf5c303304b2622799e48043
SHA1 hash: 100efc0e6dc4422e0f79e1eecc55f18b5b0f365c
MD5 hash: 947eff9577c6c4ac9ace736d81f90b46
humanhash: asparagus-oranges-hot-dakota
File name:details.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:1'490'432 bytes
First seen:2020-06-16 05:39:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e25804e2476796e2e14492adb0d1133c (7 x FormBook, 1 x NetWire, 1 x RemcosRAT)
ssdeep 24576:vsE+vF8Th7G6rdhASVNe1/hqIiHspTM7x:vsEmIQSjiBiM
Threatray 2'300 similar samples on MalwareBazaar
TLSH 75658D37A3D17476C1E63EB9D816C69E58DEBDC01A94107F1AEB4B0B1A2B661333C172
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10597/
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

Gathering data
Threat name:
Win32.Exploit.BypassUac
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:41:06 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yjh2c6ci55b3wvudfi3snfyd3shoai7hdljmh74vuqqsrctd6iga._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
23808af89fdb7af9f2b747f6a339122177e7abc79136a411f24831cf329606b2
FormBook
36abbef320573be77f282a10faa2413d38710d336ab7c61eb31a8f0ee572f6f6
FormBook
3f86f49f3c2e3583c70385971bdba545c85d8f2d66f8923bf446dde88be3afc0
FormBook
608a80fead8047545beea311f70ac37dcc5c97fceb2961b9cbea9fb6940dc3eb
FormBook
6ecd0fd68547a4d37029ffff903e0fb2698b98c8774aaa9b2593b4f4936cd812
FormBook
91864b23c3bfb54a354704f3fa769b25d641fd510aa4854a45f5de5956505e91
FormBook
e3e778591453a54d2cbd3ab1bb4ecb69ed94222f248aac24a95fb951fc6101f0
FormBook
e65953c2d6e33c5da860ceac22ef685533e9b43bb3986e8e136eec82a5f5e547
FormBook
e825c5b9c196015372cc2153f670cdfec42827fe20aff62c5d493b67fd9c92f1
FormBook
ef14e580eca50b75acae60fa7c6642fa89fc91ee8492f5193608937f4d78781b
FormBook
+ 2'290 additional samples on MalwareBazaar
Result
Malware family:
modiloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader
Link:
https://tria.ge/reports/201109-bvjrcwq38x/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe c24fa17848ef43bb56832a37269703dc8ee023e71ad2c3ff95a421288a63f20c

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/10597/

Comments