MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4438d4e1f146212137b1c26f4d17c2f1db26883564b88cfdf0ca8436500586e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4438d4e1f146212137b1c26f4d17c2f1db26883564b88cfdf0ca8436500586e9
SHA3-384 hash: e8384a6f639584a2d171fcf3662158689f0a1c2e1021af967b02a849d6277479044b2bc53001f4d3650817c7c4da6a1d
SHA1 hash: 66a92b1af7b29ea8c50b67e12f63949143600ed3
MD5 hash: 6c48ad6876cc6a2b860855965e52703b
humanhash: zebra-fanta-victor-potato
File name:PO-CCCHHUUUKKKSSSS.scr
Download: download sample
Signature Formbook
Create hunting rule
File size:273'418 bytes
First seen:2022-02-09 09:42:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:owpQzT2TBRa72xrliNZdykmBHfUJsY4ByvWUksay4FsYD:lQPwLTxiDdykt2pBUkswFn
Threatray 2'958 similar samples on MalwareBazaar
TLSH T1A744122A7BC2C07BD48705311276A3E6D7FD971613111AAB07319F5BB936242ED0E2BB
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter pr0xylife
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
187
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239350/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Launching a process
Searching for synchronization primitives
Launching cmd.exe command interpreter
Reading critical registry keys
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/62038cb34077c8b9a025c1a3/reports/7149b4f7-6b59-4da9-af9a-9e48388e3ea0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5e057af3-352e-47a7-ad86-157080678fa9
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/936697
Behaviour
Behavior Graph:
n/a
Detection:
xloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4438d4e1f146212137b1c26f4d17c2f1db26883564b88cfdf0ca8436500586e9/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-02-09 10:04:00 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iq4njypriyqscn5ryjxu2f6c6hnsncbvms4iz7pqzkcdmuafq3uq._file
Verdict:
unknown
Similar samples:
0fe5985d6df4547de4d16044e6f249f20fc9e2b08dffbee1dc9e21cc9e099ad0
Formbook
24a163dbbbd12e458bcbcfa3e9707da5c7364369060344f062ef46dbf208169d
Formbook
4537bd6b13f1ac9554adcb1339bbb385db3606b4a2fc48d7906fc48c065f2531
Formbook
4c2cf0f1e283c82276b179dc32846808c6089f418da35804663b7bc9056321d1
Formbook
8b79dcff7e5007961448d9baeb7fa7ef65c399166b5250c982084b22899466cb
Formbook
a011e1e509dff0f1b642423ef78cd2bb5cf22f9309cd59661b5bca2090318d7d
Formbook
ae5f6a5007c02c48f4bba3dd694c528f500f8e12ec106661149e4a3d1f678c8d
Formbook
d3e3e74ae005ecdf559e792e9c26c1b5e26493f85ec256bb98c544b418fa7475
Formbook
+ 2'948 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220209-lpw85saaer/
Behaviour
Modifies data under HKEY_USERS
Enumerates physical storage devices
Drops file in Windows directory
Unpacked files
SH256 hash:
4eea68ef1aa82be5ecc0cff73016f1fa19dff5dab169c0dfa7a97848f27358ff
MD5 hash:
86b435c373cbb66b1281dea8436f4993
SHA1 hash:
48be76644bdd30c7dbbf887b23146934109fdc9d
Detections:
win_formbook_g0
Create hunting rule
win_formbook_auto
Create hunting rule
Link:
https://www.unpac.me/results/9fa2747d-f061-42a1-b1fb-41f0b9747d03/
SH256 hash:
97f6001639fcadfb998f3b9075592dda92bea089afbaed59a94e4216f78569be
MD5 hash:
27f60a6720610106f268f8a047a03a41
SHA1 hash:
9925b1ce5ec6c824022097979c8a6bba32955c89
Link:
https://www.unpac.me/results/9fa2747d-f061-42a1-b1fb-41f0b9747d03/
SH256 hash:
4438d4e1f146212137b1c26f4d17c2f1db26883564b88cfdf0ca8436500586e9
MD5 hash:
6c48ad6876cc6a2b860855965e52703b
SHA1 hash:
66a92b1af7b29ea8c50b67e12f63949143600ed3
Link:
https://www.unpac.me/results/9fa2747d-f061-42a1-b1fb-41f0b9747d03/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/4438d4e1f146/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/239350/

Comments