MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f9ae8ffa46e606acf8b1ffe2e6740dff3da2f2e47411d370ba34b95e9407a08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 6



SHA256 hash: 2f9ae8ffa46e606acf8b1ffe2e6740dff3da2f2e47411d370ba34b95e9407a08
SHA3-384 hash: 99704cb41b7d022724340b084fd74d55faa0076603e4cb0982a2c5d69567184b191d235c5820f4cede153c2ab6b325d2
SHA1 hash: 3b1058506c51e3b2df3991eb92973b1faf599f59
MD5 hash: 5779096d3be228da0d90a9749b5358c9
humanhash: illinois-kitten-alpha-pasta
File name: 5779096d3be228da0d90a9749b5358c9.exe
Signature FormBook
File size: 408'441 bytes
First seen: 2020-07-08 06:54:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep 12288:Panou9rIsXw8ZosCravqY9F70Emg5kusg1MkV2N8:fu95pZosCravqYrKg5kuzCkV2y
Threatray 579 similar samples on MalwareBazaar
TLSH B694125BB3909E67DA9081F126F34F7E03EBFD548AAA5B470B40BF06A877143090E9D5
Reporter abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating a file in the %AppData% subdirectories
Launching a process
Launching cmd.exe command interpreter
Deleting a recently created file
Reading critical registry keys
Setting browser functions hooks
Unauthorized injection to a system process
Unauthorized injection to a browser process
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-08 06:56:06 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
NSIS installer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FormBook

Executable exe 2f9ae8ffa46e606acf8b1ffe2e6740dff3da2f2e47411d370ba34b95e9407a08

(this sample)

  
Delivery method: Distributed via web download

Comments