MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 06c53a780f67985794c7652bfcdbda9309d7a9b707578fda7dfc8ceb5d7bc9c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Formbook
Vendor detections: 6
| SHA256 hash: | 06c53a780f67985794c7652bfcdbda9309d7a9b707578fda7dfc8ceb5d7bc9c7 |
|---|---|
| SHA3-384 hash: | 610161c489878ab16bfb7b1ab2dac5134751178ccce663ca818eb726075b2540eea781aeb293d07d4098a62b31bdf7e3 |
| SHA1 hash: | a12d145546c33713c908ab30f24838e4681e2702 |
| MD5 hash: | ffc5f23efc9df0ab5bb010239827976b |
| humanhash: | chicken-kitten-sierra-solar |
| File name: | d2d2ae34ff8793b048c09d89e6349259 |
| Download: | download sample |
| Signature | Formbook |
| File size: | 1'044'480 bytes |
| First seen: | 2020-11-17 16:01:51 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger) |
| ssdeep | 12288:dzVS2Y5ElrmxXGuzPu9HbSvjsMiZiQhFgjpi5NXIf2+S9Wjy7ABl+1h:FsECWuCbSIrZh5NXIf2yyE67 |
| TLSH | 20258D2AB78C1F26E5B887B981548801B7FADE03FF63C5646C68768CC5B0F15E91DE12 |
| Reporter |  seifreed |
| Tags: | FormBook |
Intelligence
File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
FormBook
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected AntiVM_3
Yara detected FormBook
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2020-11-17 16:09:11 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
5/5
Unpacked files
SH256 hash:
06c53a780f67985794c7652bfcdbda9309d7a9b707578fda7dfc8ceb5d7bc9c7
MD5 hash:
ffc5f23efc9df0ab5bb010239827976b
SHA1 hash:
a12d145546c33713c908ab30f24838e4681e2702
SH256 hash:
c8671a87d685f2354d96f3cfcad530dfa5f3ec535a0f5ec14940d81fb857813b
MD5 hash:
b5358f677850210361f573c7d249c258
SHA1 hash:
215e06e319515d779efa88f7c05b343d6ec3f6a5
SH256 hash:
d06492f12c329fc3417d9cbdeafa993343a7c7861634253488997e84c8c0b525
MD5 hash:
d6f404312a192a4dc3bc3625cf7e7b58
SHA1 hash:
3ee802935e7a05994c435522997e4bbbfdebaf4f
SH256 hash:
c6fcf5d515d56cf746b4c4aa4695f11e9ad7f6063a96cda810bf39dc47c5a7a0
MD5 hash:
47509d9db24c975e55c287afdc459fad
SHA1 hash:
4f1f893555c985d7cbba731cf1fdbf49c6ecf793
SH256 hash:
842bd8280dda7755382484127a2b44e0e72d5242ca0f001205142251d5c5e059
MD5 hash:
896996eb9945c0c38e342739a61a353b
SHA1 hash:
f63fcfab6cb32461fbe04a29d00c5c2cb9dddef2
SH256 hash:
f5d96e2e1c1feb865f399a36ced62be02c14a7c848e894811b1849ee9cff90f0
MD5 hash:
55e3d42497f2afc14f6bdd712f3a10fd
SHA1 hash:
cb09635db9a8c2eda4836b695a2a90e0c15be04f
Detections:
win_formbook_g0
win_formbook_auto
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.