MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405
SHA3-384 hash:	ce14f3268e0b48df741c0b639b91e6600c7b8e0f02a57c34578f86e5bf4b74a4f08c7ae429302a2ba3c5348a64f9d153
SHA1 hash:	1941b9bad9542f89197ce1a628c029eddf700179
MD5 hash:	bfa7da3001b0eec681ed06fba5c3a729
humanhash:	xray-montana-sink-sodium
File name:	bfa7da3001b0eec681ed06fba5c3a729.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	377'344 bytes
First seen:	2021-08-26 12:39:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ef471c0edf1877cd5a881a6a8bf647b9 (74 x Formbook, 33 x Loki, 29 x Loda)
ssdeep	6144:Y4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0Pz6:HXe9PPlowWX0t6mOQwg1Qd15CcYk0WeK
Threatray	1'086 similar samples on MalwareBazaar
TLSH	T19484124588C5CCA6E71AB374D0B3CF9819657832CC956B689718FA2DB870343B853E6F
dhash icon	aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

334

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

bfa7da3001b0eec681ed06fba5c3a729.exe

Verdict:

Suspicious activity

Analysis date:

2021-08-26 12:41:39 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0083887d-2947-469c-8657-744b7ef422cc

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/182638/

Detection(s):

PUA.Win.Packer.Upolyx-12

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Connection attempt

Sending a custom TCP request

Sending a UDP request

Sending an HTTP GET request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/62040a21-9b15-4d5a-9d4b-0043bc0bddd0

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/839885

Signature

AutoIt script contains suspicious strings

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405/

Threat name:

Win32.Hacktool.Acapulco

Status:

Malicious

First seen:

2021-08-26 12:40:09 UTC

AV detection:

10 of 38 (26.32%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fspzw5cb4vrgcvpbbx65tcjgubdfgrkhemdjkyf6xzwqpj6r2qcq._file

Verdict:

malicious

Similar samples:

0f3dd18c562054da9edf8c427370c1455f5882d455ca21e8f2ed2cff9d70472c

17d901ea338cf7b487226ebd86f963023ce246d9f3aaa973f6d15c44cb01907d

1c4cf94d38837e40ac5654711ef04cf7f2e07a66c065c46955d92d0d95089d90

28168c7a0fffc6787241b2c6e8c9fc1590e5715fbea2af58cb2e4f92e72374fa

378a43b4576b7d9a7bf424295f83cee901ad8347351285a3dc0708d78312a4cc

71335267a0a48bbcf678e354b421445d3db926ec5dd9b40c2a004cebb9b166f0

89887d6a5f728886bc9f6012606918246c91ecafe903777f4fcda168217e9a5e

bb025003b58ee61c3d6805cd3974844ca21224c8fd64c0678b19864453137a58

f3037e5e047b6bfbfb11c453d1d836217e8c7ec606eacce69dfe31bf8b260821

ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b

+ 1'076 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/210826-vf2vtfynzj/

Behaviour

Modifies system certificate store

Enumerates physical storage devices

Unpacked files

SH256 hash:

84276b8f92683d25512a6567465a978407bf2665eb80b852eca6d1bc57724bd4

MD5 hash:

923ab5d24efe29b1cc080edd96fef49a

SHA1 hash:

c95476b8afdb8c09b6e2888a2fbe8a307cddf561

Link:

https://www.unpac.me/results/1b55daba-dcb9-4124-9ad1-c3c92d49420d/

SH256 hash:

2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405

MD5 hash:

bfa7da3001b0eec681ed06fba5c3a729

SHA1 hash:

1941b9bad9542f89197ce1a628c029eddf700179

Link:

https://www.unpac.me/results/1b55daba-dcb9-4124-9ad1-c3c92d49420d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.85

Link:

https://yomi.yoroi.company/submissions/2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/182638/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample