MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 15


Intelligence 15 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
SHA3-384 hash: b7ce2da3d50aca61b38bd50ebc96161e654895b531fd408d2b07b8163ddd4811e1c03a067a8144ce87a4d1da6e6ca425
SHA1 hash: 2380d7774b44918c6644ae0e9ad4df1a318ea11b
MD5 hash: cc5ef31195300b2ba7931939057df6f9
humanhash: equal-uncle-robert-sweet
File name:0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
Download: download sample
Signature Formbook
Create hunting rule
File size:803'328 bytes
First seen:2023-07-06 11:06:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 12288:rVLbhaDnLMzIL2q+RTdOL8U82C6S0yBxdqswdnU85ucBKL/4MdmYaAw/J5tXcIm:x5OyqGUL8D2n9y2nU8NUdqrtsI
Threatray 3'231 similar samples on MalwareBazaar
TLSH T1BA05023C53A2992BC54F2F7C0A9542BAA7F989933613D3038397693E9D1EBD54A314C3
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b2ccf4e0e8d1c29c (12 x AgentTesla, 10 x Loki, 2 x SnakeKeylogger)
Reporter adrian__luca
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
Verdict:
Suspicious activity
Analysis date:
2023-07-06 11:06:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/61cd085e-d973-49bd-9455-64dc59f7f77c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/409040/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67413819.11136.2087.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a process with a hidden window
Creating a file in the %temp% directory
Launching a process
Creating a file
Forced shutdown of a system process
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
formbook packed
Link:
https://www.filescan.io/uploads/64a6a056631db84968f1ff06/reports/16cfb233-979f-43c2-9531-e0bea80f319b/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/be26ff82-7b3c-4326-8217-71f27ff959d1
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1268057
Signature
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1268057 Sample: Vg50d6JGzx.exe Startdate: 06/07/2023 Architecture: WINDOWS Score: 92 37 Malicious sample detected (through community Yara rule) 2->37 39 Sigma detected: Scheduled temp file as task from temp location 2->39 41 Multi AV Scanner detection for submitted file 2->41 43 2 other signatures 2->43 7 Vg50d6JGzx.exe 7 2->7         started        11 FrVcmkSb.exe 5 2->11         started        process3 file4 29 C:\Users\user\AppData\Roaming\FrVcmkSb.exe, PE32 7->29 dropped 31 C:\Users\...\FrVcmkSb.exe:Zone.Identifier, ASCII 7->31 dropped 33 C:\Users\user\AppData\Local\...\tmpDB05.tmp, XML 7->33 dropped 35 C:\Users\user\AppData\...\Vg50d6JGzx.exe.log, ASCII 7->35 dropped 45 Uses schtasks.exe or at.exe to add and modify task schedules 7->45 47 Adds a directory exclusion to Windows Defender 7->47 13 powershell.exe 20 7->13         started        15 schtasks.exe 1 7->15         started        17 RegSvcs.exe 7->17         started        49 Multi AV Scanner detection for dropped file 11->49 51 Machine Learning detection for dropped file 11->51 19 schtasks.exe 1 11->19         started        21 RegSvcs.exe 11->21         started        signatures5 process6 process7 23 conhost.exe 13->23         started        25 conhost.exe 15->25         started        27 conhost.exe 19->27         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2023-06-07 04:51:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
23
AV detection:
23 of 38 (60.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bf4l23b2k5o5avgncopk5tefc2kyadeftzq62nali7e5lpynbu4a._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
Formbook
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
Formbook
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
Formbook
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
Formbook
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
Formbook
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
Formbook
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
Formbook
+ 3'221 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230706-m7y15abe4z/
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks computer location settings
Unpacked files
SH256 hash:
70382ea1b363da419e2b0e806739138db40b4ec2ea276de2f1aefbd46ee66ac9
MD5 hash:
c260a705d14d1209ee29f226099010a1
SHA1 hash:
f7a97ae4da5562d1064bc7c94d7b68e184361bcf
Detections:
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Parent samples :
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
76541f045182cd4f956ea38e70aac522dd8cc95bec94eb16ff435ac732da3b97
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
395133081793df5c1542b9e77a64a5271d1b358c1a7db674108a7624a9104809
af7efb93740b9b9ee4cd6580a3eefa8298558c9f06b463eb44b03394cde441d5
0335bef9440cae7dd60e617e31258a490b9598e3dfa1325bf79ca9eca5c4c720
4e8d1df344f5009ab35ebb5fed59649cce3e0a9b7f27f312a7cc854eb74b889d
02dc237cae6224ab8277187f6574215e15b4ddd4bf5b2bddbedaa95fc077e4e2
14bd08ddfd5f3fbeffbe9adacf4662f83267492eb8a2ca70a5c7613050039dc9
3c4e179c3ad40c3916a358a7115d8b4ad6d957cb57cecbba7c979057e5370748
16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f
2ea5fd6b8b0354c95a41470ae8cb816d0ffb61b6b34cd827ffa160c963b850ed
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
ce9a0c42305d137c27b4f369996a15387ae6f0d1e391116f54e7733918083239
SH256 hash:
69ae0d2e1c3e2bbbe5183e41b3ac08a711b71c2740e59fab69abc6b463b249ae
MD5 hash:
4fc5c70a26e153516338b2bd4a6df5fb
SHA1 hash:
6d7e91edb55a50e3aeacf06752101ae672badc50
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
5c4572c94fa522d96c44522dd90084f926f49a21f6c228447101a4279c8e6afa
MD5 hash:
2fb362801019e06a858f4a9b72020e05
SHA1 hash:
a13babc8d5b8e7f4de9192c25c2ce6cd48ef7117
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
70382ea1b363da419e2b0e806739138db40b4ec2ea276de2f1aefbd46ee66ac9
MD5 hash:
c260a705d14d1209ee29f226099010a1
SHA1 hash:
f7a97ae4da5562d1064bc7c94d7b68e184361bcf
Detections:
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Parent samples :
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
76541f045182cd4f956ea38e70aac522dd8cc95bec94eb16ff435ac732da3b97
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
395133081793df5c1542b9e77a64a5271d1b358c1a7db674108a7624a9104809
af7efb93740b9b9ee4cd6580a3eefa8298558c9f06b463eb44b03394cde441d5
0335bef9440cae7dd60e617e31258a490b9598e3dfa1325bf79ca9eca5c4c720
4e8d1df344f5009ab35ebb5fed59649cce3e0a9b7f27f312a7cc854eb74b889d
02dc237cae6224ab8277187f6574215e15b4ddd4bf5b2bddbedaa95fc077e4e2
14bd08ddfd5f3fbeffbe9adacf4662f83267492eb8a2ca70a5c7613050039dc9
3c4e179c3ad40c3916a358a7115d8b4ad6d957cb57cecbba7c979057e5370748
16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f
2ea5fd6b8b0354c95a41470ae8cb816d0ffb61b6b34cd827ffa160c963b850ed
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
ce9a0c42305d137c27b4f369996a15387ae6f0d1e391116f54e7733918083239
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
69ae0d2e1c3e2bbbe5183e41b3ac08a711b71c2740e59fab69abc6b463b249ae
MD5 hash:
4fc5c70a26e153516338b2bd4a6df5fb
SHA1 hash:
6d7e91edb55a50e3aeacf06752101ae672badc50
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
cffe464a8916d92dd5482446d76384ce62ef2a0547a4a96288f729edd6f92577
MD5 hash:
57a8cab7f8df994fc3035f8402b30d7c
SHA1 hash:
0228c47e9acdb287bf3dff60c2b1c08880208e90
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
5c4572c94fa522d96c44522dd90084f926f49a21f6c228447101a4279c8e6afa
MD5 hash:
2fb362801019e06a858f4a9b72020e05
SHA1 hash:
a13babc8d5b8e7f4de9192c25c2ce6cd48ef7117
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
cffe464a8916d92dd5482446d76384ce62ef2a0547a4a96288f729edd6f92577
MD5 hash:
57a8cab7f8df994fc3035f8402b30d7c
SHA1 hash:
0228c47e9acdb287bf3dff60c2b1c08880208e90
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
70382ea1b363da419e2b0e806739138db40b4ec2ea276de2f1aefbd46ee66ac9
MD5 hash:
c260a705d14d1209ee29f226099010a1
SHA1 hash:
f7a97ae4da5562d1064bc7c94d7b68e184361bcf
Detections:
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Parent samples :
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
76541f045182cd4f956ea38e70aac522dd8cc95bec94eb16ff435ac732da3b97
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
395133081793df5c1542b9e77a64a5271d1b358c1a7db674108a7624a9104809
af7efb93740b9b9ee4cd6580a3eefa8298558c9f06b463eb44b03394cde441d5
0335bef9440cae7dd60e617e31258a490b9598e3dfa1325bf79ca9eca5c4c720
4e8d1df344f5009ab35ebb5fed59649cce3e0a9b7f27f312a7cc854eb74b889d
02dc237cae6224ab8277187f6574215e15b4ddd4bf5b2bddbedaa95fc077e4e2
14bd08ddfd5f3fbeffbe9adacf4662f83267492eb8a2ca70a5c7613050039dc9
3c4e179c3ad40c3916a358a7115d8b4ad6d957cb57cecbba7c979057e5370748
16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f
2ea5fd6b8b0354c95a41470ae8cb816d0ffb61b6b34cd827ffa160c963b850ed
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
ce9a0c42305d137c27b4f369996a15387ae6f0d1e391116f54e7733918083239
SH256 hash:
69ae0d2e1c3e2bbbe5183e41b3ac08a711b71c2740e59fab69abc6b463b249ae
MD5 hash:
4fc5c70a26e153516338b2bd4a6df5fb
SHA1 hash:
6d7e91edb55a50e3aeacf06752101ae672badc50
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
5c4572c94fa522d96c44522dd90084f926f49a21f6c228447101a4279c8e6afa
MD5 hash:
2fb362801019e06a858f4a9b72020e05
SHA1 hash:
a13babc8d5b8e7f4de9192c25c2ce6cd48ef7117
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
70382ea1b363da419e2b0e806739138db40b4ec2ea276de2f1aefbd46ee66ac9
MD5 hash:
c260a705d14d1209ee29f226099010a1
SHA1 hash:
f7a97ae4da5562d1064bc7c94d7b68e184361bcf
Detections:
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Parent samples :
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
76541f045182cd4f956ea38e70aac522dd8cc95bec94eb16ff435ac732da3b97
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
395133081793df5c1542b9e77a64a5271d1b358c1a7db674108a7624a9104809
af7efb93740b9b9ee4cd6580a3eefa8298558c9f06b463eb44b03394cde441d5
0335bef9440cae7dd60e617e31258a490b9598e3dfa1325bf79ca9eca5c4c720
4e8d1df344f5009ab35ebb5fed59649cce3e0a9b7f27f312a7cc854eb74b889d
02dc237cae6224ab8277187f6574215e15b4ddd4bf5b2bddbedaa95fc077e4e2
14bd08ddfd5f3fbeffbe9adacf4662f83267492eb8a2ca70a5c7613050039dc9
3c4e179c3ad40c3916a358a7115d8b4ad6d957cb57cecbba7c979057e5370748
16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f
2ea5fd6b8b0354c95a41470ae8cb816d0ffb61b6b34cd827ffa160c963b850ed
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
ce9a0c42305d137c27b4f369996a15387ae6f0d1e391116f54e7733918083239
SH256 hash:
cffe464a8916d92dd5482446d76384ce62ef2a0547a4a96288f729edd6f92577
MD5 hash:
57a8cab7f8df994fc3035f8402b30d7c
SHA1 hash:
0228c47e9acdb287bf3dff60c2b1c08880208e90
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
69ae0d2e1c3e2bbbe5183e41b3ac08a711b71c2740e59fab69abc6b463b249ae
MD5 hash:
4fc5c70a26e153516338b2bd4a6df5fb
SHA1 hash:
6d7e91edb55a50e3aeacf06752101ae672badc50
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
70382ea1b363da419e2b0e806739138db40b4ec2ea276de2f1aefbd46ee66ac9
MD5 hash:
c260a705d14d1209ee29f226099010a1
SHA1 hash:
f7a97ae4da5562d1064bc7c94d7b68e184361bcf
Detections:
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Parent samples :
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
76541f045182cd4f956ea38e70aac522dd8cc95bec94eb16ff435ac732da3b97
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
395133081793df5c1542b9e77a64a5271d1b358c1a7db674108a7624a9104809
af7efb93740b9b9ee4cd6580a3eefa8298558c9f06b463eb44b03394cde441d5
0335bef9440cae7dd60e617e31258a490b9598e3dfa1325bf79ca9eca5c4c720
4e8d1df344f5009ab35ebb5fed59649cce3e0a9b7f27f312a7cc854eb74b889d
02dc237cae6224ab8277187f6574215e15b4ddd4bf5b2bddbedaa95fc077e4e2
14bd08ddfd5f3fbeffbe9adacf4662f83267492eb8a2ca70a5c7613050039dc9
3c4e179c3ad40c3916a358a7115d8b4ad6d957cb57cecbba7c979057e5370748
16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f
2ea5fd6b8b0354c95a41470ae8cb816d0ffb61b6b34cd827ffa160c963b850ed
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
ce9a0c42305d137c27b4f369996a15387ae6f0d1e391116f54e7733918083239
SH256 hash:
5c4572c94fa522d96c44522dd90084f926f49a21f6c228447101a4279c8e6afa
MD5 hash:
2fb362801019e06a858f4a9b72020e05
SHA1 hash:
a13babc8d5b8e7f4de9192c25c2ce6cd48ef7117
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
69ae0d2e1c3e2bbbe5183e41b3ac08a711b71c2740e59fab69abc6b463b249ae
MD5 hash:
4fc5c70a26e153516338b2bd4a6df5fb
SHA1 hash:
6d7e91edb55a50e3aeacf06752101ae672badc50
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
5c4572c94fa522d96c44522dd90084f926f49a21f6c228447101a4279c8e6afa
MD5 hash:
2fb362801019e06a858f4a9b72020e05
SHA1 hash:
a13babc8d5b8e7f4de9192c25c2ce6cd48ef7117
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
cffe464a8916d92dd5482446d76384ce62ef2a0547a4a96288f729edd6f92577
MD5 hash:
57a8cab7f8df994fc3035f8402b30d7c
SHA1 hash:
0228c47e9acdb287bf3dff60c2b1c08880208e90
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
cffe464a8916d92dd5482446d76384ce62ef2a0547a4a96288f729edd6f92577
MD5 hash:
57a8cab7f8df994fc3035f8402b30d7c
SHA1 hash:
0228c47e9acdb287bf3dff60c2b1c08880208e90
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
70382ea1b363da419e2b0e806739138db40b4ec2ea276de2f1aefbd46ee66ac9
MD5 hash:
c260a705d14d1209ee29f226099010a1
SHA1 hash:
f7a97ae4da5562d1064bc7c94d7b68e184361bcf
Detections:
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Parent samples :
d96b4d0c1efd573f0833df766811861d8b116e92383da4543993971306ecbe4d
70d226c93cae74dfc4fc991b3fc74957cfb08881f53c232ed87e0d22cc5e30f1
76541f045182cd4f956ea38e70aac522dd8cc95bec94eb16ff435ac732da3b97
22515e24bf09d7d7b9ed02436f05853d5174aac248eb79c2b32a82096c8b30a3
2df55ec2cbfe5ba2ddfd9a597a1c2dcfe3c91f211ba611180c97443773f79732
34a8585e0643993caaaa6c3fcd9933354087422062d3c887dada1d65b570bfb3
a022bc0ad88cce0b7ef8c68c7602003ff4150006503291b7ead2119ebdecb36d
03f51ffa9c987630724a451ad872f52bf97bd257ad06b58b6194f5dec29c8f13
395133081793df5c1542b9e77a64a5271d1b358c1a7db674108a7624a9104809
af7efb93740b9b9ee4cd6580a3eefa8298558c9f06b463eb44b03394cde441d5
0335bef9440cae7dd60e617e31258a490b9598e3dfa1325bf79ca9eca5c4c720
4e8d1df344f5009ab35ebb5fed59649cce3e0a9b7f27f312a7cc854eb74b889d
02dc237cae6224ab8277187f6574215e15b4ddd4bf5b2bddbedaa95fc077e4e2
14bd08ddfd5f3fbeffbe9adacf4662f83267492eb8a2ca70a5c7613050039dc9
3c4e179c3ad40c3916a358a7115d8b4ad6d957cb57cecbba7c979057e5370748
16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f
2ea5fd6b8b0354c95a41470ae8cb816d0ffb61b6b34cd827ffa160c963b850ed
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
ce9a0c42305d137c27b4f369996a15387ae6f0d1e391116f54e7733918083239
SH256 hash:
69ae0d2e1c3e2bbbe5183e41b3ac08a711b71c2740e59fab69abc6b463b249ae
MD5 hash:
4fc5c70a26e153516338b2bd4a6df5fb
SHA1 hash:
6d7e91edb55a50e3aeacf06752101ae672badc50
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
5c4572c94fa522d96c44522dd90084f926f49a21f6c228447101a4279c8e6afa
MD5 hash:
2fb362801019e06a858f4a9b72020e05
SHA1 hash:
a13babc8d5b8e7f4de9192c25c2ce6cd48ef7117
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
cffe464a8916d92dd5482446d76384ce62ef2a0547a4a96288f729edd6f92577
MD5 hash:
57a8cab7f8df994fc3035f8402b30d7c
SHA1 hash:
0228c47e9acdb287bf3dff60c2b1c08880208e90
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
SH256 hash:
0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38
MD5 hash:
cc5ef31195300b2ba7931939057df6f9
SHA1 hash:
2380d7774b44918c6644ae0e9ad4df1a318ea11b
Link:
https://www.unpac.me/results/ca9e2497-d6f7-4cfc-b436-d84092a7502f/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/0978bd6c3a57/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0978bd6c3a575dd054cd139eaecc851695800c859e61ed340b47c9d5bf0d0d38

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/409040/

Comments