MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15c4fa85cbc2c692575d38601a56e49a52a23d74a2dce110bf17beadf46672bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15c4fa85cbc2c692575d38601a56e49a52a23d74a2dce110bf17beadf46672bb
SHA3-384 hash: e6ee749b2a110cc097f29992b08bc6f1ebdc33218b5f7e381c3e8c3c7c0f6856de8d6336fd86a621a199f53089c6d5fa
SHA1 hash: 65254c5c5b67524cbc73d8e5f5755a24451f7fd5
MD5 hash: ce868e50711384f6932917ceab7b3349
humanhash: whiskey-hydrogen-early-timing
File name:mazx.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:321'024 bytes
First seen:2020-06-30 06:09:09 UTC
Last seen:2020-06-30 07:01:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'451 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 6144:bLxOf7nV9DpJvJtLTqAY6r5/EAyXUrZgnGObVRgHqDVMO:bL+nzDvvJtLtYu5IUGhbVRgOMO
Threatray 5'102 similar samples on MalwareBazaar
TLSH 9264E117767C9762E92DC3F40B24118053F7372A6222E248CD9B38DA6976FA18761F93
Reporter JoulK
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/16800/
Detection(s):
SecuriteInfo.com.Generic.mg.ce868e50711384f6.6433.UNOFFICIAL
Create hunting rule

Detection:
formbook
Create hunting rule
Link:
https://mwdb.cert.pl/sample/15c4fa85cbc2c692575d38601a56e49a52a23d74a2dce110bf17beadf46672bb/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 06:11:03 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cxcpvbolyldjev25hbqbuvxetjjkepluuloocef7c67k35dgok5q._file
Verdict:
malicious
Similar samples:
07d614e422ec5b2dbd4c0fbe9232bd0e06bc2e910bad7a6f8721eec2a2c608ae
Formbook
0a3ccff2a6b6ee6c506c71db29a49c6e7651a562b8c2c60c8bca3d8c48355875
Formbook
3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b
Formbook
489d3efd8b97c389697e1851b7c4351b28725dca02d2550b2c4e3770d747bc97
Formbook
498fbde70a7375ef095b51ad4ad72798d26a2d28dd82e155e9afc31e95773bea
Formbook
590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23
Formbook
5f548015f3c7d81e255e3572e5ff9c9d89a93a97e5a104be698883bc20d60d54
Formbook
6023812166224ffe7f3ff3efacddccd27c4ae1f09aa2dc9e2f5c8557d6bb4382
Formbook
67621e39feff68de7d856d81acb0992540b4af197a94d71c32d9209e8d432a7f
Formbook
985fb6bd28653c5012113b096e61bebb49fe5aeeb53c7a128d323803637cf6cd
Formbook
+ 5'092 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/200630-mfkmrd2yes/
Behaviour
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Deletes itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe 15c4fa85cbc2c692575d38601a56e49a52a23d74a2dce110bf17beadf46672bb

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/16800/
  
URLhaus
https://urlhaus.abuse.ch/url/402146/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/386538/

Comments