MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 147e0bd6d82f2f3d9b402dec62020c117350407cf2871dd73a14a137ae647fd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 147e0bd6d82f2f3d9b402dec62020c117350407cf2871dd73a14a137ae647fd5
SHA3-384 hash: 77e75906cf92fd8ae01aef1b934d76b3b40af8a1ea28a7ed466c4bbc60e837c4a5f26d9f8ea1f50ccf1678bdcda701fd
SHA1 hash: 149870cd3189d42c050d0f693181a8dfe1d4b412
MD5 hash: 725e9fa0c7a63a1595fd8bc760c38789
humanhash: gee-island-nuts-table
File name:4q3eqzbj.dft.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:384'512 bytes
First seen:2020-06-16 05:29:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 6144:Zhg2zkZhRaKdhTjz3nrcfAadzOV0YgnOmUSnklxeSQCua1j2CIvZWUK/YI6O5e00:ZW2zkZhphjrcfAYz5lzhklxIeZgIn5eN
Threatray 496 similar samples on MalwareBazaar
TLSH B484CE1577568631C2646E33C29A3225833AD507ECDAC72956CCF22BBDC57C39E42BCA
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/10581/
Detection(s):
SecuriteInfo.com.Artemis.17237.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:31:05 UTC
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cr7axvwyf4xt3g2afxwgeaqmcfzvaqd46kdr3vz2csqtpltep7kq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
2ba2967a4d170914094d511861a98d9be4f39aa45f5bed35e7d04013508f19fe
FormBook
2fa1eb179872a0c83b944f67d300e1ee6afbe4c31afa3eb687eafaa1e8571e71
FormBook
30e4e4dae89b18d6b6bc4ad98481862eed64806e84dceceaa328899185a7be02
FormBook
7cbad73d42c4241072e2163720a87762f258cbeca1584839d7ed7ee1148559e1
FormBook
9330ee2921887af4f02427f37ea2a7d0a296e2f82fe88c7001d73f74258ff92c
FormBook
977eb3104726250bc364dcb5732a75c743c502bd816aef9c813ba73cb1ce3cbd
FormBook
9ce61ae5037ceb9f8ce9dac6288d9125230dc58f58a4e1450e85081a8a620c15
FormBook
c128856d5c14b0bdf9b327cc2abbec30cfdfb5c0692f7ac57bc22551037da339
FormBook
c58f0824b5c50b5988d4aa44635c1027209920bd8ab9baa6be6bd75997fc86bd
FormBook
dc61af34a94463996df082d9588b579b22f4b7bf6a63299d82cc51593b590352
FormBook
+ 486 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook rat spyware stealer trojan
Link:
https://tria.ge/reports/201109-2p84m5jlbj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.lodipytu.com/trt/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe 147e0bd6d82f2f3d9b402dec62020c117350407cf2871dd73a14a137ae647fd5

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/10581/

Comments