MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31e66c356ca1daf6f2c3965c1c2f9356eda89a8423cbd1b33240b2c8b4abf20c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 31e66c356ca1daf6f2c3965c1c2f9356eda89a8423cbd1b33240b2c8b4abf20c
SHA3-384 hash: 3de76474e28b3ba3bbfcdaba16c5f39d6c2703b5840a1e3ae4f156fe7d5515962c68a1c7362f3b306f815a5dd9461898
SHA1 hash: 78b2a9e542bd6269098155a4e53268ea4dfd7eb7
MD5 hash: dccae05e3d41143f100a3daf4b5b2732
humanhash: kansas-august-speaker-utah
File name:PO-5820 DRSS# 1002935014-10-DTH.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:301'056 bytes
First seen:2020-06-06 10:17:17 UTC
Last seen:2020-06-06 10:46:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:fPdqrVBTsWmm8cDT7wJrjW9H9nXDz57XG53tbXgOdXF8/g:WV12cDYtjW9H9fxG59TFN
TLSH 2F54F106B269974AE40A87FB8747AC180F3834057314D7973DE968FF19A435EBB9260F
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: slot0.hoss-mecyberia.com
Sending IP: 45.95.169.170
From: J.AlSubhi <info@hoss-mecyberia.com>
Subject: fwd: Urgent request for quotation
Attachment: PO-5820 DRSS 1002935014-10-DTH.rar (contains "PO-5820 DRSS# 1002935014-10-DTH.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.dccae05e3d41143f.4131.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 10:19:04 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ghtgynlmuhnpn4wdszobyl4tk3w2rgueepf5dmzsiczmrnfl6iga._file
Verdict:
unknown
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook rat spyware stealer trojan
Link:
https://tria.ge/reports/201109-31hr9yrh66/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.becouf.com/prf/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77

FormBook

Executable exe 31e66c356ca1daf6f2c3965c1c2f9356eda89a8423cbd1b33240b2c8b4abf20c

(this sample)

  
Dropped by
MD5 86a2f9ec7adc3097e7799827c95a8e4c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 086142d4e0593e61405d81c6728018793300716e78c2565eec6fac3291d5ae77

Comments