MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16d4ee81edc265a6d74a516a2ba56794f4694c03ccf50daca250cd8e3627c76d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16d4ee81edc265a6d74a516a2ba56794f4694c03ccf50daca250cd8e3627c76d
SHA3-384 hash: d50dcbcdbf9b2795a3a61a502f08585da0c70a56c9603f8031b1e95e58b503444b658a2b95e5569a28f3be0fd7fbfe1c
SHA1 hash: 19bb673f60a430e5dcee53ae4ff3d530add3a425
MD5 hash: 13f3bc2ed42075b34070b24c15677d85
humanhash: failed-tennessee-florida-artist
File name:Nova narudzba je u prilogu.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:527'056 bytes
First seen:2022-08-31 08:45:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:s8BrEUX/F4Vi7rjlZ6bvIaY04nUOcv/bgprTzw:P4Vi7NMbvIacUZvzorTE
TLSH T1A6B42336C41A9E94B30406CEE59E6D83EC9AF7BC74E8B91E1D570C26C6341E6C6EB007
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:FormBook zip


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?Q?Stjepan_Hr=C5=A1ak?= <shrsak@jedinstvo.com>" (likely spoofed)
Received: "from vmi333880.contaboserver.net (wan.gr [207.180.198.241]) "
Date: "Tue, 30 Aug 2022 10:37:24 +0100"
Subject: "RE: [EXTERNAL] RE: RE: Novi poredak"
Attachment: "Nova narudzba je u prilogu.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Zusy.436337.11040.28032.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger overlay
Link:
https://www.filescan.io/uploads/630f1fe3fbf1afa4927b2078/reports/e034e877-aa98-44db-a45c-ec144e688db1/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/16d4ee81edc265a6d74a516a2ba56794f4694c03ccf50daca250cd8e3627c76d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16d4ee81edc265a6d74a516a2ba56794f4694c03ccf50daca250cd8e3627c76d/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2022-08-30 12:56:30 UTC
File Type:
Binary (Archive)
Extracted files:
92
AV detection:
13 of 26 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c3ko5apnyjs2nv2kkfvcxjlhst2gstadzt2q3lfckdgy4nrhy5wq._file
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:modiloader family:xloader campaign:euv4 loader persistence rat trojan
Link:
https://tria.ge/reports/220831-kpbf1abgck/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
ModiLoader Second Stage
Xloader payload
ModiLoader, DBatLoader
Xloader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 16d4ee81edc265a6d74a516a2ba56794f4694c03ccf50daca250cd8e3627c76d

(this sample)

Formbook

Executable exe 3ee73c44fb49972ab6a7a00de73358d44f2fc94ce90dc2fffe8dcfbb00289bed

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3ee73c44fb49972ab6a7a00de73358d44f2fc94ce90dc2fffe8dcfbb00289bed
  
Dropping
Formbook

Comments