MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 209c5487fe6b505359d61e4c19ef2c85c4826aeea2c9700b4670190c653abbeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 209c5487fe6b505359d61e4c19ef2c85c4826aeea2c9700b4670190c653abbeb
SHA3-384 hash: a7ca3a5da4c19d4095eea5e69210db1069a17a3bdc33101e97f1e0903dc98fc457a97e9ac6405076794f5dcaea0f744f
SHA1 hash: 0dceac5a47b45e6907175895f01b3bc63209e5c9
MD5 hash: 1c3220824e17fa275784c1839823e1ad
humanhash: wolfram-mango-spring-connecticut
File name:awator.net_xrmp__bins.exe.malw
Download: download sample
Signature Formbook
Create hunting rule
File size:688'128 bytes
First seen:2020-03-18 18:27:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:k3+/K5LS77gb905+Iu71neklB2m+ScdKgyqlR4J0AunXN:k3+gxwMe0BtSYOR47c
Threatray 2'213 similar samples on MalwareBazaar
TLSH ABE4E0343F438C0BC59D0A35E1B25192B332D8967696F70F69ED23399E67F169F8081A
Reporter ov3rflow1
Tags:FormBook malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Fbng.8.15296.20183.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2018-12-12 07:11:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0831d2ef7d75d3086cfea4f7fa8c0b0dd8d0d4bff400670dda898a7dd1ded392
Formbook
1b8b4e62fb4118fc4f27c17d3a94d6d61a83cd6d11b224460d7f52b2a5f7c7d5
Formbook
1f8effc9e8ef41356c4446d27273380211fcbb6416b62e705398a581da76dc6a
Formbook
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
Formbook
3beb95c4f83e5f7d1af897311a6cd1d8abfb04c656ca73d7f4c8db6ad6e5d150
Formbook
41f341ae994cf53488e0a96a6a531c9ef26c31ad763b7f858b278657051be31d
Formbook
50e781f81383ec2a395e7cfc2e75acf89b97b1472530a5f6d6863e3b8d64fd2d
Formbook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
Formbook
b9c1be5f81b9261b1bb68fb0f667a57721bd04b750427a9382844c42d18dba6e
Formbook
bfa0531240e8ae03aee76df45f9e4c8748ad739a63f47c81269d7b2ca05fc329
Formbook
+ 2'203 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/209c5487fe6b505359d61e4c19ef2c85c4826aeea2c9700b4670190c653abbeb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/186297/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments