MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45f89c4293dafededd446cabbd82cf637cbfae2e36b2b8aec7156f407578a05d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45f89c4293dafededd446cabbd82cf637cbfae2e36b2b8aec7156f407578a05d
SHA3-384 hash: 856376fb1d805f71f9651de08bbcd02d183f478adac187357d689fccf96c7410411bf15a280134a86778c0336a8efeb0
SHA1 hash: c35fa517969b0d1c56a5985d2ddcdb0da8569e1f
MD5 hash: b3d56bdd6bfde8dded7a40fbaf1773b4
humanhash: artist-sodium-speaker-august
File name:b3d56bdd6bfde8dded7a40fbaf1773b4
Download: download sample
Signature Formbook
Create hunting rule
File size:251'325 bytes
First seen:2022-01-31 13:19:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:owgO+88z3LkfSgEkc/8X9BVv2n4NbfHyJ4W1E9n5YA:ANz7kfSfkcUX9gSTSJRKn
Threatray 13'244 similar samples on MalwareBazaar
TLSH T12134120AE5E2C9FBD44645385EFBC38AE672874237AD165F2B981F5FA8710D3BD1A100
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Payment.xlsx
Verdict:
Malicious activity
Analysis date:
2022-01-31 12:09:30 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader trojan formbook stealer
Link:
https://app.any.run/tasks/079e5e79-d2fa-4903-88f6-ea2964ac4475

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/228439/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Unauthorized injection to a recently created process
DNS request
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61f7e207d7fd65ae55fcc59b/reports/7f02c91c-6fb8-425b-8019-57deaaaa4e52/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e1e5d8ac-fa72-48ec-9dc7-c956571bae11
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/930856
Behaviour
Behavior Graph:
n/a
Detection:
xloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/45f89c4293dafededd446cabbd82cf637cbfae2e36b2b8aec7156f407578a05d/
Threat name:
Win32.Trojan.Spynoon
Create hunting rule
Status:
Malicious
First seen:
2022-01-31 13:20:11 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ix4jyqut3l7n5xkensv33awpmn6l7lrog2zlrlwhcvxua5lyuboq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
204831bda7d04f0905f7bf0c39e45b3772935726d8a436ee9703a19098b37e21
Formbook
2a4415721925c12ce8a80719697ffbda5daf88fe34804b0549bc5d5605790cdb
Formbook
502303edd5a9de57b3667146e84f15fc4957242ca2ef8f75f5e503946c452ee2
Formbook
5111f4fa05b89a9d727c4686485acedc16553a7715fd36776c68972acf8e5382
Formbook
57db8a6dc112c8d4b4202ba07774edf9bf54fdafd6fe11bd8d0e7ae328fcc369
Formbook
75362f20dab8d57db3ade6427e647b0bc01d8345ccfa9781d5778877f04f7fb5
Formbook
9050768f69225078f05d535401510a5b361dd071430e40639e869c7247621908
Formbook
c0904a36e97e50225bc8ab11f7a9c588ebc758b1dc624d39d94da1f5268b847e
Formbook
c7eeea84c68c73b96a2bc816b9738ca8c9c2abe93f7705ec07f8d1205422d86e
Formbook
d0a2b78cdc16ebd07adf6aacd4b6e2d639dcdebd28f0e3eb4ca3e6b73cc1add8
Formbook
+ 13'234 additional samples on MalwareBazaar
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader campaign:dtt3 loader rat
Link:
https://tria.ge/reports/220131-qk4jwahbhk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Xloader Payload
Xloader
Unpacked files
SH256 hash:
45f89c4293dafededd446cabbd82cf637cbfae2e36b2b8aec7156f407578a05d
MD5 hash:
b3d56bdd6bfde8dded7a40fbaf1773b4
SHA1 hash:
c35fa517969b0d1c56a5985d2ddcdb0da8569e1f
Link:
https://www.unpac.me/results/839f025c-a28c-4ec1-85ec-c9a9cb2d9803/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/45f89c4293da/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.33
Link:
https://yomi.yoroi.company/submissions/45f89c4293dafededd446cabbd82cf637cbfae2e36b2b8aec7156f407578a05d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe 45f89c4293dafededd446cabbd82cf637cbfae2e36b2b8aec7156f407578a05d

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/228439/
  
URLhaus
https://urlhaus.abuse.ch/url/2018342/

Comments


Avatar
zbet commented on 2022-01-31 13:19:50 UTC

url : hxxp://107.174.138.158/100/vbc.exe