MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4
SHA3-384 hash:	7d9f0bc4a4fb196388bde4b7403943b30a82c3665dee564bdc92446b23ad8ae567db6c2501913f135c76afca3b0339f3
SHA1 hash:	10ff1580fb137006d2e396ee9432ff4a84b409b7
MD5 hash:	9d4c81c16699da96cacc73cabaaf9fb4
humanhash:	washington-east-sweet-river
File name:	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543
Download:	download sample
Signature	Formbook Create hunting rule
File size:	294'912 bytes
First seen:	2020-07-10 17:43:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	6144:VBZTnj2tYxnyY0roUHrrgd3AXa3CUuQzeUO3OMx:Vfna6yBroUQd3ka3VShvx
Threatray	5'116 similar samples on MalwareBazaar
TLSH	9454F119338AC32AD96C0435C4E7223813F57F476A73EA56AFCCB288BF413879951B56
Reporter	SecuriteInfoCom
Tags:	FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

103

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Formbook

Link:

https://www.capesandbox.com/analysis/24467/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Launching a process

Launching cmd.exe command interpreter

Possible injection to a system process

Deleting of the original file

Detection:

formbook

Link:

https://mwdb.cert.pl/sample/0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4/

Threat name:

ByteCode-MSIL.Spyware.Noon

Status:

Malicious

First seen:

2020-07-10 09:02:06 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

2/5

Verdict:

malicious

Similar samples:

0abe72d915f50b2a21fc3cafc52152db81bef2a16be4ccde68e64942bf927af1

28ebdc57f4de0a5f04d5ac0c8f17996d257df911de9900c3e6db1f1e213383b7

7095eec286427d0c168ef01a9d20e741032194cd9e4fb607c02a55c0a1df29c5

8cd14212205658092f91a376a85fb70802200671ea0cbc74b73f1fcaf0f88ddb

92574e92ed7461639393ef09258609b637fc5e68341c5fe13e460f2dff705d0d

97d8ae62cb751e857b04d9eaa68ee2acce3d7243009bdb04639a729cdfc7cbf3

b5ee70ba14a2bcb9936bd64d99ce7b51785ba328b16a0be49d47c10cba17980c

d7083f1007834bbc16f0b6d2ee0e1e2b9e79a04af2a2e21f2d2682c9dff939eb

dc390cfb0419c5a93c339e395061b5ed5d9d7b08995680552d409c8f8302a109

e273d82c782a01c388cc619e6832bfb43301f4308884751b9393262302fc84c0

+ 5'106 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200710-46glc878p2/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Suspicious use of SetThreadContext

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/410842/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/24467/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample