MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d2b79e9ac449de6c300c43522e8581a971b4b08e004696e278608d6c4b46eb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	0d2b79e9ac449de6c300c43522e8581a971b4b08e004696e278608d6c4b46eb8
SHA3-384 hash:	987d320db572da4d72740d627162086bcb0785b264950c4b751b8080a683a866ade929d82260eda1420a331f90a2e06c
SHA1 hash:	ccc216f56a44c75818fdf67d336e771650f12de8
MD5 hash:	2ab3053fb413c7c69ad408b329e2dc04
humanhash:	charlie-robert-connecticut-tango
File name:	PO78626752.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	360'960 bytes
First seen:	2020-07-04 07:29:02 UTC
Last seen:	2020-07-04 08:41:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep	6144:6PbmflfBRHhpBBwimrnLyCDTGMTxxQovAd/+h+yK1f+gJj52iL1Zch+xp0Q1UgWw:uTOf+gJKh+xpf1UgWtA4ZCaaWDYI8Xq0
Threatray	2'240 similar samples on MalwareBazaar
TLSH	1E74BE7136A74B05D1BAB7F44A23941C03B67D3AE661E24CCEDA71ED0A37B418B4079B
Reporter	abuse_ch
Tags:	exe FormBook

abuse_ch

Malspam distributing Formbook:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.199
From: admin <admin@jgpkg.com>
Subject: PO78626752
Attachment: PO78626752.exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

94

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/18821/

Detection(s):

SecuriteInfo.com.Variant.Ursu.934503.1199.6136.UNOFFICIAL

Detection:

formbook

Link:

https://mwdb.cert.pl/sample/0d2b79e9ac449de6c300c43522e8581a971b4b08e004696e278608d6c4b46eb8/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-07-04 07:30:07 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=buvxt2nmiso6nqyayq2sf2cydklrwsyi4acgs3rhqyennrfun24a._file

Verdict:

malicious

Label(s):

netwirerc

Similar samples:

0047270c26f603d132bc8e6a67894311356fe2d3c977aa287a09a8261f6b5690

00668e0dac77414a7a5fc8df4867e3a75fc928cdd97b57c068edb11522fecf97

23958a583d62bf343e2641dd871d6d788c99649a722fe1908fea9e72e78d17b7

371a78d5f848b70de0d716586851eec55e92fc1e4e5898943c62c67a99c9e07a

4052cabc6efdd8910b0c92b973d1a37172a92ee408fc53209d746cfb65e08dcc

7910fbd27cb1e4fd04a3356d45036821ed924ef1b8de3117d677be4938cb5140

7c110f7a45aba8f26ba0eb32c024ea55598ec54d9ceda6cf13272a31d2cc6da0

a0086dfee2dba4d6a0adab05e848cfbb9755f68be7adef3ff35ff9740e5a1c2e

b258aed05413eb191250d2907db5b64c4f36fdb0508fb3c9c6390c4144fd9497

dee1fa115a3e06310b958baca7bf709144f770de027ab3c615f6937b7544cd75

+ 2'230 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200704-2kfd177g8s/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Suspicious use of SetThreadContext

Checks whether UAC is enabled

Uses the VBS compiler for execution

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 0d2b79e9ac449de6c300c43522e8581a971b4b08e004696e278608d6c4b46eb8

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/18821/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample