MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 240ed2d2ad13186c06123612befe2a592cb2484a7bc6454f84be7f8bee850ebe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 240ed2d2ad13186c06123612befe2a592cb2484a7bc6454f84be7f8bee850ebe
SHA3-384 hash: e7cf40ea96bd47197b40a2f4d3cd5225d46b1be6841a2f538b595adc2068f9470b9627f56ea98f586772c3a2f6a484ef
SHA1 hash: 77901cea8e050bcd11dc413cce5174346e698819
MD5 hash: 4c261f9e162e1d86be1b7106ff5fcba7
humanhash: timing-alaska-comet-beryllium
File name:doc012_jpeg.scr
Download: download sample
Signature Formbook
Create hunting rule
File size:269'312 bytes
First seen:2021-10-04 11:54:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e0383fee3aa7c9c4dbf3a05a98d01075 (4 x RaccoonStealer, 3 x RedLineStealer, 2 x CoinMiner)
ssdeep 6144:Tf0H03OKTdOnIvJFN8qqG+2FvgvTpDNsi:z0H03OKBFFP1CvTlK
Threatray 8'371 similar samples on MalwareBazaar
TLSH T13C44E02135F1C5B1DAA79D3004349B50997BBC67287C618A6F642AFE6F323C0AA77707
File icon (PE):PE icon
dhash icon b038faba92d83047 (1 x Formbook)
Reporter lowmal3
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
doc012_jpeg.scr
Verdict:
Suspicious activity
Analysis date:
2021-09-28 08:43:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/72e18050-53ff-4c2a-a927-c0607f81aff9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/194601/
Detection(s):
Win.Packed.Fragtor-9896091-0
Create hunting rule

Win.Ransomware.Generic-9896092-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/615c0faeb95458900cdc6045/reports/b7b9870c-51e2-461d-9abe-9fb4865faece/overview
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1f7bb27a-5b52-4f95-aa68-2aa6e25ffc05
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/863897
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/240ed2d2ad13186c06123612befe2a592cb2484a7bc6454f84be7f8bee850ebe/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2021-09-23 09:06:27 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eqhnfuvncmmgybqsgyjl57rklewlesckppdekt4exz7yx3ufb27a._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
218a43f5f1a1bb3a7974fe8fd0532829b1b858dec3c8d6bc2a5835a6bb735321
Formbook
43b700fc142394fc70144cda363405f0bb42fd717a4321ac7e4440836457d5fd
Formbook
5f037c930f37e4307f4582f99aab214301591f3b87e9a0500cc3c7130fa209b1
Formbook
6d725aa4c3dd38bc7f924af4891b82a9c993e2db67765c72be42778a9c1b561a
Formbook
85e45fbdd69f39214a4e3f588d14b1be4a7d81f4503813e1ab834c3525e568a8
Formbook
a07f1f0d93911f880923cb4d68f7edef004f110dc036d694acf90145e813a5a3
Formbook
bbedcbe77cff074e73d9265b5cd4dfaba57b573065b1cb36e7944880a54239e9
Formbook
cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753
Formbook
e7d4b1fb8d668e0b01943e63024f65809c6f1ee73ebcc8a969970a29138d85b0
Formbook
f23ad612df5b25814d5448be9505bc76b8b763dfd622e69a4915736fad6d9d55
Formbook
+ 8'361 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook campaign:dn7r rat spyware stealer trojan
Link:
https://tria.ge/reports/211004-n3hc9agdaj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Formbook Payload
Formbook
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction:
http://www.yourherogarden.net/dn7r/
Unpacked files
SH256 hash:
240ed2d2ad13186c06123612befe2a592cb2484a7bc6454f84be7f8bee850ebe
MD5 hash:
4c261f9e162e1d86be1b7106ff5fcba7
SHA1 hash:
77901cea8e050bcd11dc413cce5174346e698819
Link:
https://www.unpac.me/results/98e1af6f-f788-4cf7-9aae-138ebf410f59/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/240ed2d2ad13186c06123612befe2a592cb2484a7bc6454f84be7f8bee850ebe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe 240ed2d2ad13186c06123612befe2a592cb2484a7bc6454f84be7f8bee850ebe

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/194601/

Comments