MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f5a8eb777f80c4d298076898354c9587e50efac145a01a3e88b79eb2be1c67c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1f5a8eb777f80c4d298076898354c9587e50efac145a01a3e88b79eb2be1c67c
SHA3-384 hash: 2d11a2dc63aaf9b50b52b7a0d7acfbab37eee8a99c5d4df77d884513038637b721acc41ae37e632e7366778c9d99ad60
SHA1 hash: 6569462062f4278a843856c449b772f54935b6e4
MD5 hash: 055a6b357509bf1b1c3e850ed4eac872
humanhash: potato-bacon-maine-maine
File name:awator.net_xlmrp__binn.exe.malw
Download: download sample
Signature Formbook
Create hunting rule
File size:730'624 bytes
First seen:2020-03-18 18:25:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:Qu95DeIuwaVfB/QvH0kZ4lBGliSnRhMX8l+LWEoe:QyDtXc4H0kylBGliKRh7l+LWEoe
Threatray 60 similar samples on MalwareBazaar
TLSH ABF4BFA23BC3485DCA4D0976507340C0B732A6D93BD6CB0EB6DA823C5E17E879F51D6A
Reporter ov3rflow1
Tags:FormBook malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MSIL.Basic.1.Gen.1190.27832.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2018-12-10 06:32:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
0831d2ef7d75d3086cfea4f7fa8c0b0dd8d0d4bff400670dda898a7dd1ded392
Formbook
1b8b4e62fb4118fc4f27c17d3a94d6d61a83cd6d11b224460d7f52b2a5f7c7d5
Formbook
209c5487fe6b505359d61e4c19ef2c85c4826aeea2c9700b4670190c653abbeb
Formbook
2238bd6edabc07ab04409266f8013795e98201bca2ab5ffd7ce557873f52b847
Formbook
4a5a22b508a778ce928a6e7ed3f25c30c4d57176334035a2354effa151e44e60
Formbook
50e781f81383ec2a395e7cfc2e75acf89b97b1472530a5f6d6863e3b8d64fd2d
Formbook
6cfae9fac2b59c2520f8911a66bd16899886170ff2a5f17f40161ac47f66b0ff
Formbook
ac42965215afb055c4135cc87288be3f2aaff848972634fbaed4c365e112af43
Formbook
ca54dac8de04ef9b1f74a39470ae1f615ecbb9cd5eaa093c3d70d7d40576eb9a
Formbook
e33cc945d6b0681de6b34b52f0cb609676cdf5f3ecf61f4122b64d7a7e74b5ca
Formbook
+ 50 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1f5a8eb777f80c4d298076898354c9587e50efac145a01a3e88b79eb2be1c67c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_nymaim_g0
Create hunting rule
Author:mak, msm, CERT.pl

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/186295/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments