MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 445ed93365c347e46a9e8c38fed4d13a61a5f00f3f2ea830eaaf321cc91fbc7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 445ed93365c347e46a9e8c38fed4d13a61a5f00f3f2ea830eaaf321cc91fbc7a
SHA3-384 hash: 7c92b045fce10e1d786ec7a428b0e8d5d6259ffba878471b0acafb98d5a55e7648271e45d40905caef3dc91263c6bc45
SHA1 hash: 58ec0c0e1a694a0bd4195e596a2e681917ec2427
MD5 hash: baf003f4c95fbc175188287dbf83f7d3
humanhash: william-maine-potato-lithium
File name:SecuriteInfo.com.Gen.Variant.Jaik.46770.28504.2579
Download: download sample
Signature Formbook
Create hunting rule
File size:267'037 bytes
First seen:2021-07-12 13:56:05 UTC
Last seen:2021-07-12 14:49:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ced282d9b261d1462772017fe2f6972b (127 x Formbook, 113 x GuLoader, 70 x RemcosRAT)
ssdeep 3072:GBkfJpRXATwMdFCczbyNqg3P+4ygKlGpKNnbDbpJUrJQTU5JzniROHOJbJwZu2kY:GqjIJyNdf+3GpePdU5J2EOzf2ucx9
Threatray 5'928 similar samples on MalwareBazaar
TLSH T1C744AD7660F2A4D6F6EA5EB36D158545BEDB9D04CD52410EE26932F122337C8C20A1FF
Reporter SecuriteInfoCom
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Gen.Variant.Jaik.46770.28504.2579
Verdict:
Malicious activity
Analysis date:
2021-07-12 14:02:34 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/81ff39b2-1082-41fa-8885-5907d5b17f52

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171128/
Detection(s):
SecuriteInfo.com.Gen.Variant.Jaik.46770.28504.2579.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4d1c0922-c247-4cfd-9a0d-628511bac363
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/814909
Signature
Antivirus detection for dropped file
C2 URLs / IPs found in malware configuration
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/445ed93365c347e46a9e8c38fed4d13a61a5f00f3f2ea830eaaf321cc91fbc7a/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-07-12 13:56:55 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=irpnsm3fynd6i2u6rq4p5vgrhjq2l4aph4xkqmhkv4zbzsi7xr5a._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
07af0ffdb9e42eb6ca145708be323b7641311d943d28ba746d5f16dd4c5a3eed
Formbook
228f0e866b6580e0799a21147d9fbf4d6e56a5b89b9b68dcb29ca4d15d18f484
Formbook
4718e1656f1f705c062702c9d6f26a0fc4de0a7fec3ced0e0b521432f5037be3
Formbook
8e36abaf554e37c743a7874d53dcc57751e88be673ac98c5abaa873984cb6e23
Formbook
a65e94056f4196ac076a6cbd588bd094edb4f7dc9d9f5e1691817a4abc70be4b
Formbook
a6b7f7cc0b732bd64663fc8c69b3d88a155a2fbf6e0c0857435cb277d86e2e80
Formbook
aa600ea695abd3d2d6d445c6d2b07d3944cfbbf77f0850411ac426d9d6c037c2
Formbook
df008aace52827a15e0dbf8e6eb1f4febdd6fafcdbcbafe16ff27b7526594be0
Formbook
+ 5'918 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210712-vbeh3537v2/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Loads dropped DLL
Unpacked files
SH256 hash:
1a93600b92de92180b422c15eb6d6bcd5fa77075aec0cda6e6f92febbf53934d
MD5 hash:
1599e0481fb61dd3ba0ad0c229704ad5
SHA1 hash:
a61b36a57c69ba572cede8c1b5b9f579b46ec792
Detections:
win_formbook_g0
Create hunting rule
win_formbook_auto
Create hunting rule
Link:
https://www.unpac.me/results/8b4c51d2-2a2f-46c8-aedb-5f55dfa91938/
Parent samples :
aa600ea695abd3d2d6d445c6d2b07d3944cfbbf77f0850411ac426d9d6c037c2
445ed93365c347e46a9e8c38fed4d13a61a5f00f3f2ea830eaaf321cc91fbc7a
1ccdc34a2258984fb0df40dd979f71d4c11bce12cb6e840e90fbd9281254ade6
SH256 hash:
4ab881e2c4812cb6828e8ef85d89201c1c9d99ebe7c5a9bac9e8f999c74b15c0
MD5 hash:
e5b2d4d5f7e8bb2188ada1208600b397
SHA1 hash:
f41aef026f8eebe894fb825b3d69f435b53d702b
Link:
https://www.unpac.me/results/8b4c51d2-2a2f-46c8-aedb-5f55dfa91938/
SH256 hash:
1e44f674f3477fbebf1de8106ef493f65d74976cd351c80eb39661383d558484
MD5 hash:
066f2d2d8520e93eb6b1128bf867c58d
SHA1 hash:
d5794e49172a2121a59d696b185e32ffd53ef8dd
Link:
https://www.unpac.me/results/8b4c51d2-2a2f-46c8-aedb-5f55dfa91938/
SH256 hash:
445ed93365c347e46a9e8c38fed4d13a61a5f00f3f2ea830eaaf321cc91fbc7a
MD5 hash:
baf003f4c95fbc175188287dbf83f7d3
SHA1 hash:
58ec0c0e1a694a0bd4195e596a2e681917ec2427
Link:
https://www.unpac.me/results/8b4c51d2-2a2f-46c8-aedb-5f55dfa91938/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.47
Link:
https://yomi.yoroi.company/submissions/445ed93365c347e46a9e8c38fed4d13a61a5f00f3f2ea830eaaf321cc91fbc7a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/171128/

Comments