MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 362e9be80f3970af70ae1fd73b15f5224cec9e478b3b6ceac996ef5555eba65e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 5



SHA256 hash: 362e9be80f3970af70ae1fd73b15f5224cec9e478b3b6ceac996ef5555eba65e
SHA3-384 hash: 25781c274d2224cde5b5e7f7eaec9e0801f6ce62295f4f5c2ba485c521487e4effb6752d9070d0b22308fa13e5888062
SHA1 hash: 6408587216dd79ff0469d40c7463b9907d1ba8c4
MD5 hash: 0434273996741427b9402add133b9cb8
humanhash: mango-violet-freddie-oklahoma
File name: 0434273996741427b9402add133b9cb8.exe
Signature: Formbook
File size: 826'368 bytes
First seen: 2020-06-16 15:28:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 66065bfa6851d704157ac187a0c7b964 (14 x AgentTesla, 4 x Loki, 3 x NanoCore)
ssdeep: 12288:gYHdm1fBr+IwICEMytGbPGcbXDbE1Qla6RgVcP/7kvDxul+iFjLQFRe59IDo2LaR:gyAiIlCPtfIv9XtRe9QjL+K+c4N
Threatray: 5'081 similar samples on MalwareBazaar
TLSH: 5205AF32F2E04437D1731A785D1B6E789C297E1B6928BF4667E4CF0C8E356B03925A93
Reporter: abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInjector
Status: Malicious
First seen: 2020-06-16 07:17:05 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
