MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2787c73ed16419f6c5cfb81ae4e2db23c91507eaf1d8c1c10e8b965b394fe443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2787c73ed16419f6c5cfb81ae4e2db23c91507eaf1d8c1c10e8b965b394fe443
SHA3-384 hash: 4e68aea33d9479dae1fd0e43ec65de514342433219b741a28c58883766a39e076a1c7f3ee3a31e593723489caa95de4a
SHA1 hash: abab432f236b1955ccd6e3aee2103f1bb1c5c10b
MD5 hash: e91b62f7952825d6a87775166301d018
humanhash: alaska-green-blue-network
File name:2FhepOGQj37Wiy9.ace
Download: download sample
Signature Formbook
Create hunting rule
File size:550'623 bytes
First seen:2023-01-23 11:58:32 UTC
Last seen:Never
File type: ace
MIME type:application/octet-stream
ssdeep 12288:IwGRcTHNsddY7jv+RLmVoshD3waRZs2ET1Y5SQ1Aj:1GcTH+ddYnmRmKshUws2E5cw
TLSH T1EFC4236F2844D3A0E635756D0AB3223F4ABD4E9F0C7D52022025EACB697FE94D1B4727
Reporter Anonymous
Tags:ace

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
context-ace packed
Link:
https://www.filescan.io/uploads/63ce768796add6d1cf483288/reports/890037fc-32b2-4940-a09c-5e7b6b64b86c/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2787c73ed16419f6c5cfb81ae4e2db23c91507eaf1d8c1c10e8b965b394fe443/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2023-01-23 11:59:07 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
8 of 39 (20.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e6d4opwrmqm7nropxanojyw3eperkb7k6hmmdqiorolfwokp4rbq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230123-rt6k9sdf55/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/2787c73ed16419f6c5cfb81ae4e2db23c91507eaf1d8c1c10e8b965b394fe443

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ACE_Containing_EXE
Create hunting rule
Author:Florian Roth - based on Nick Hoffman' rule - Morphick Inc
Description:Looks for ACE Archives containing an exe/scr file

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

ace 2787c73ed16419f6c5cfb81ae4e2db23c91507eaf1d8c1c10e8b965b394fe443

(this sample)

Formbook

Executable exe 27715b211a7693bd15a4580b6ee1e9b9d01c2b1142170b47888b7be538ecb084

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 27715b211a7693bd15a4580b6ee1e9b9d01c2b1142170b47888b7be538ecb084
  
Dropping
MD5 d539fcc11b4f5b96a1d89928f1ef87e7

Comments