MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24e0b8b20a6a2631807832c4c7ea19f8b5f8cabb5b581464aa7bb3973b3ae649. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24e0b8b20a6a2631807832c4c7ea19f8b5f8cabb5b581464aa7bb3973b3ae649
SHA3-384 hash: 326737e998f324edf3177510ec8ed9fc3c7a357c483efb775bbaff5cbfc4b9b7202f5490572bc2d4e511dd35d613a41e
SHA1 hash: 7f8f9a56bf24e177dcdd71cea60b0cfc95132d14
MD5 hash: a824135a1d534996a648dd934c5a2cb6
humanhash: river-seven-freddie-hawaii
File name:RE CPIC ABAHSAIN FIBERGLASS.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:939'446 bytes
First seen:2022-07-15 07:45:36 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:a0J9YV5XwPKH4JlQRWdSO/ILwtBELCz+fSXfNjTaBKksqW5VPLAlUHfxXl5fX8Pb:XJclG6OQ8dn/KCzCSVTn/TPJD5fXOAi
TLSH T1B51523984359208AFBED15F81750458DD67B0E318F2E6604FC2879EF9A17F5B4A223EC
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:FormBook gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Vijayakumar Venugopal <vijay@newtechgroup.net>" (likely spoofed)
Received: "from newtechgroup.net (unknown [185.222.58.69]) "
Date: "14 Jul 2022 17:51:23 +0200"
Subject: "RE: CPIC ABAHSAIN FIBERGLASS - 3rd Quarter of 2022 (21/07/2022)"
Attachment: "RE CPIC ABAHSAIN FIBERGLASS.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
209
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24e0b8b20a6a2631807832c4c7ea19f8b5f8cabb5b581464aa7bb3973b3ae649/
Threat name:
ByteCode-MSIL.Spyware.SnakeLogger
Create hunting rule
Status:
Malicious
First seen:
2022-07-14 16:57:43 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
17 of 26 (65.38%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=etqlrmqknitddadyglcmp2qz7c27rsv3lnmbizfkpozzooz24zeq._file
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook campaign:ir93 rat spyware stealer suricata trojan
Link:
https://tria.ge/reports/220715-jlyxfshga9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Formbook payload
Formbook
suricata: ET MALWARE FormBook CnC Checkin (GET)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/24e0b8b20a6a2631807832c4c7ea19f8b5f8cabb5b581464aa7bb3973b3ae649

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 24e0b8b20a6a2631807832c4c7ea19f8b5f8cabb5b581464aa7bb3973b3ae649

(this sample)

Formbook

Executable exe 538caa87df986328d0ed89dae0510619173071244c6e7977f4abbdcd29af3c17

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 538caa87df986328d0ed89dae0510619173071244c6e7977f4abbdcd29af3c17
  
Dropping
MD5 f5fd44d50dfd6544b0fd77684c1f2cf4

Comments