MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33500d82b580ebcc34521dd70217ba0cf976d4708f6d9d413388aae64317b43d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	33500d82b580ebcc34521dd70217ba0cf976d4708f6d9d413388aae64317b43d
SHA3-384 hash:	624a4623288acce6ac3595442a873e6b8e18ad7bd21c79e9dd12a26ba60e81bc8778c10c8a3d5143765b50c62be8301f
SHA1 hash:	0ae09413e3d571c65e00bfc9bb6815442b3a0f27
MD5 hash:	977ba817fb468f5a30f87d0c8da043be
humanhash:	zebra-avocado-beryllium-colorado
File name:	977ba817fb468f5a30f87d0c8da043be.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	744'960 bytes
First seen:	2020-09-07 09:08:58 UTC
Last seen:	2020-09-07 09:42:44 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	12288:XtkwXVci3efXAO0urmFHq3VKOE+DcV+HHKXfjFv/iLelL:9koVtM5rm9q30KckHIfELqL
TLSH	ECF4023963E88E39EA7E4738507142108BF9F921925FE74E79E564BC9CE33924E03257
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

205

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Formbook

Link:

https://www.capesandbox.com/analysis/57641/

Detection(s):

SecuriteInfo.com.UDS.DangerousObject.Multi.Generic.9658.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Unauthorized injection to a recently created process

Creating a file

Launching the process to change network settings

Launching cmd.exe command interpreter

Unauthorized injection to a system process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/33500d82b580ebcc34521dd70217ba0cf976d4708f6d9d413388aae64317b43d/

Threat name:

Win32.Trojan.FormBook

Status:

Malicious

First seen:

2020-09-07 08:17:33 UTC

AV detection:

21 of 29 (72.41%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=gnia3avvqdv4yncsdxlqef52bt4xnvdqr5wz2qjtrcvomqyxwq6q._file

Result

Malware family:

formbook

Score:

10/10

Tags:

rat trojan spyware stealer family:formbook

Link:

https://tria.ge/reports/200907-x2yd3laraj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Formbook Payload

Formbook

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.97

Link:

https://yomi.yoroi.company/submissions/33500d82b580ebcc34521dd70217ba0cf976d4708f6d9d413388aae64317b43d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

exe 33500d82b580ebcc34521dd70217ba0cf976d4708f6d9d413388aae64317b43d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/373327/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/57641/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample