MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b4749ab7cdd7b5e94b52c734d85bc42353739e464377359ae72a25f7552328a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b4749ab7cdd7b5e94b52c734d85bc42353739e464377359ae72a25f7552328a
SHA3-384 hash: c4283ac551c3a1c10d216d0460f8b51e0b41ce0005f1cfadbdfec89282ba184fca903a83c6cf9b8f77c4ca6838706e77
SHA1 hash: 9aebc6e4b0354465b4f894c93abd0c2d6e0c9161
MD5 hash: 1f3c1f7871556ce16a7e2ecb5216e484
humanhash: colorado-fix-oranges-sad
File name:1f3c1f7871556ce16a7e2ecb5216e484.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:507'904 bytes
First seen:2020-06-05 10:12:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:1N9polJIHFyCBgPgef+vuZMEZx+/8MWhUEm1RwsASb:9FyCLe9CEHPMWI1RV
Threatray 5'160 similar samples on MalwareBazaar
TLSH 72B45A06213C6BEFF8BD2EF545161B280BA01C9A8E36E246DC5B38D5E97B743CA055D3
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Score-7597125-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 01:55:02 UTC
File Type:
PE (.Net Exe)
Extracted files:
54
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bndutk343v5v5ffvfrzu3bn4ii2toopemq3xgwnookrf65ksgkfa._file
Verdict:
malicious
Similar samples:
1561967cff081a9b139de45a82e6a61e2f5b01834d4666f2fc88cf0c52220268
FormBook
397dd4bc6657e428ed2b5d3bcf09d3409d943796cfe5d096583c85ff8a3340b1
FormBook
39c515aecf42295136801c4a1a847d80bc8269ad5cf20c512af98a020cd7a699
FormBook
3a632ffacb961b5f6d075395013be5162b65cddec7cf9f2229f12ce84fc7a213
FormBook
4cfa54b4b97d2f12a225b24eb37c89312976f77f48cfa5da3ecd8dcf4a21ec90
FormBook
6d6eb640a5ed74ff6f53040b3ce6aee62a54991a9f177a71ad540e4c63d49be1
FormBook
8a537505ec668cf353931413aa389f5a5eacabb6469f04dcabfe0b7acff721d9
FormBook
95aa3a1503e68851a57de64294791d3cc97584bf89b27586be513a24abe1ef2b
FormBook
bf0608df4ec33356cccf0af528cb8272bae2d3e86fc46ef5b80da38c92e77176
FormBook
de7172d5a714ddfb1da598299b059e35e322088eb01d4457a5d3f8de3a414861
FormBook
+ 5'150 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook rat spyware stealer trojan
Link:
https://tria.ge/reports/201109-s4rln1xyjj/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.nimtax.com/ut/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 0b4749ab7cdd7b5e94b52c734d85bc42353739e464377359ae72a25f7552328a

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments