MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 12


Intelligence 12 IOCs YARA 4 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09
SHA3-384 hash: bdb45204c48be59b2fb7f1ff0f2553b198de7525e86b42a8ca3265b43878465c0a155e70eb0112a94b65432330b83373
SHA1 hash: 6682d6dfd06b80e5968eb424c013505bbae66e8c
MD5 hash: 7630a755b70921f9f22891035c3628e9
humanhash: arkansas-connecticut-beryllium-october
File name:7630a755b70921f9f22891035c3628e9
Download: download sample
Signature Formbook
Create hunting rule
File size:250'368 bytes
First seen:2023-11-15 10:42:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:ReoIZR781uLl43/1Mg2p7F1bhUlCMSrSJ6Igy9WaukV3Y709:RkvJ4nspglx3J6tykNk2O
Threatray 62 similar samples on MalwareBazaar
TLSH T1C534138EE21A578DC0A2D6B23DFF35C0DD15E6DC4FC587D683609CA4763A4989B12E8C
Reporter zbetcheckin
Tags:32 exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
317
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
formbook
Create hunting rule
ID:
1
File name:
10becade76ccb8cbe488fddc823f7fbf
Verdict:
Malicious activity
Analysis date:
2023-11-15 10:45:21 UTC
Tags:
opendir loader formbook xloader
Link:
https://app.any.run/tasks/8ec327bf-3572-49fb-b86a-7faaed35f43e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/458708/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6554a0ef8dc4c0f2230b878c/reports/4426bfd9-03da-4241-bae9-923b302cb012/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d015b3cd-c980-44c8-bf6c-6135cc81e602
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1342945
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2023-11-14 06:18:38 UTC
File Type:
PE (Exe)
AV detection:
21 of 23 (91.30%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cd4ghl6iftlb7xekkw6gpytsmqa2yuoe5fsh3xiz3py6umg7tyeq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
22da6798edf7ecbc018e132ff61dff54b38704226c0f4693e8981b112e69eafc
Formbook
3ea69a1a0c5cc196a71ab1d7754abe0683813ff321d59d731bb72d2d3d076f3f
Formbook
40203565c21de2f3923f1c4bb185068706f0bf56366cb099e6483737020b2ae3
Formbook
5669840788d19dbb20f845d3beffd4ba401886023cb434fc944ad8c2c002b84c
Formbook
8f05551c8ddd819665aef513ec44d4f0d3f905fe9d8eca05e2d7857606f132f4
Formbook
9761c8e02b65302ac53c1354d1b9c0ae5799523213d96e0b941df7699f0fa722
Formbook
af5cd0edddca153baade5709425e28b9799866e7ac286dc54f790028073c8505
Formbook
da49519a5670d282de449cee9f55bfdfb034d4fd011e7420152ed3e841a00372
Formbook
+ 52 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231115-msbbhshb2z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
54823dc3b9e8c38cb65108763d43162692b2933892d334fa0fd7f44376e8ce48
MD5 hash:
771b97be9515a5c60f1ae10491d8cb3e
SHA1 hash:
034a446524da0a80c474f932f52182d82df2c245
Link:
https://www.unpac.me/results/988a6733-7614-4840-baf7-5e4782bcb979/
SH256 hash:
10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09
MD5 hash:
7630a755b70921f9f22891035c3628e9
SHA1 hash:
6682d6dfd06b80e5968eb424c013505bbae66e8c
Link:
https://www.unpac.me/results/988a6733-7614-4840-baf7-5e4782bcb979/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:maldoc_getEIP_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe 10f863afc82cd61fdc8a55bc67e2726401ac51c4e9647ddd19dbf1ea30df9e09

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2731050/
Cape
Cape
https://www.capesandbox.com/analysis/458708/

Comments


Avatar
zbet commented on 2023-11-15 10:42:44 UTC

url : hxxp://172.245.208.19/360/unsecapp.exe