MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed5b523a7b1d55effd77366e3b4e2ab0eb376746e2c86e1cff992d08540c4b5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed5b523a7b1d55effd77366e3b4e2ab0eb376746e2c86e1cff992d08540c4b5d
SHA3-384 hash: 2fa0f390ae7e21bd90cb322d93674a5f167a5398b38f424599c91e2a285c7971f994061feac0fc1032735db5bbd8ef10
SHA1 hash: a8195128f17b015a6c60d8f25ac3b12397cd14af
MD5 hash: 6b4933fb5f424c07b533afb091c78538
humanhash: alanine-eleven-orange-august
File name:RFQ.29.04.2020.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:294'912 bytes
First seen:2020-04-29 18:35:28 UTC
Last seen:2020-04-29 20:05:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:M6q4wY5YYPy0TlwrU6uwvstn2UbgqD7+m4YXlGGkXouHSk+5+sZmakbIAWODc7Il:r2g6SNfboeXu5zDst/AWiVeAj6o
Threatray 5'317 similar samples on MalwareBazaar
TLSH 405402BD57A8237FC87E46BA90518E59B268C039C302F3E50EEA565C046FBD0685DED3
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: Sales Manager Mr Yuzh <yuzhengxi@xinjinquan.cn>
Reply-To: 042w0w@gmail.com
Subject: products List
Attachment: RFQ.29.04.2020.rar (contains "RFQ.29.04.2020.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33741831.2131.12707.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 08:45:46 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5vnveot3dvk677lxgzxdwtrkwdvtoz2g4leg4hh7tewqqvamjnoq._file
Verdict:
malicious
Similar samples:
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
Formbook
27faaaca4acb955010d7b8c16764a536c04149f2d332f99668d6ff6f292bfc20
Formbook
2df514e021d7b92b4c12d4a4c37b67e012483b18142c7b7cf562180584b8eb27
Formbook
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
Formbook
52b517b0e9be1efed3349ff5b7e7e4a392881437d7bc9ccd7b94bbc23e28a2f9
Formbook
782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
Formbook
916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af
Formbook
9465c69c18144431c36b77e4b36534684c7717f1d9970eb522b8aef716dd2458
Formbook
bf58aecacc268c49d707512236a42c80cf096b24850c3096eb056f662ecbe2e3
Formbook
dfc7dc8fbb5ca4e70bd22acc87b2c43c507e7967341974504a255554963fac1f
Formbook
+ 5'307 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

rar b0fe90c8b53a2e92bbfb3addc20faf8f878bb2d89377c9451bdceecf517b5b9a

Formbook

Executable exe ed5b523a7b1d55effd77366e3b4e2ab0eb376746e2c86e1cff992d08540c4b5d

(this sample)

  
Dropped by
MD5 8e1b5a476854207f836de3ebcc56e9d3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b0fe90c8b53a2e92bbfb3addc20faf8f878bb2d89377c9451bdceecf517b5b9a

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments