MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58b2919ca7c0f12320fc3508db29aba5cbd7d36d134903aa8333abe9f54d1728. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58b2919ca7c0f12320fc3508db29aba5cbd7d36d134903aa8333abe9f54d1728
SHA3-384 hash: 1ac1dfd3f3eaab6ef917d5a82226fdf9732cba22523da5acc2528bf99a7588119289086062e305b40f909bf3961dd3df
SHA1 hash: 4844b5ce2e49cc085f88c379ad40f5d8dc9f6e11
MD5 hash: b1481f20840ab024ab0f729b3e0abf0a
humanhash: gee-butter-fruit-lake
File name:BANK INFORMATION-M017012022-017016.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:247'489 bytes
First seen:2022-01-17 13:05:17 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:AgKZdiZw2MIcemiweK3PO1XazMIag9fvytF7mgvdVFmj9ivgD:PcEO2MIcJ3gqzBagnC1mg3Y9OgD
TLSH T1F33422E3ABF07539AC67698E7B87E0F030274B463E015430D0844E59EBD0999D87F5AE
Reporter cocaman
Tags:FormBook gz


Avatar
cocaman
Malicious email (T1566.001)
From: ""Account Mngr. Cadcam Rusli" <sent@fhhl.com>" (likely spoofed)
Received: "from zen-banach.185-176-222-125.plesk.page (unknown [185.176.222.125]) "
Date: "17 Jan 2022 02:18:57 -0800"
Subject: "DEPOSIT RETURN // INCORRECT CUSTOMERS BANK DETAILS 1/17/2022 2:18:57 a.m."
Attachment: "BANK INFORMATION-M017012022-017016.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
321
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Lazy.92217.15063.14718.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated overlay packed replace.exe
Link:
https://www.filescan.io/uploads/61e569c70f8c757253c4766a/reports/86405898-c34b-4231-9212-ab22474323a8/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58b2919ca7c0f12320fc3508db29aba5cbd7d36d134903aa8333abe9f54d1728/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2022-01-17 13:06:10 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
16 of 43 (37.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lczjdhfhydysgih4guenwknluxf5pu3ncneqhkudgov6t5knc4ua._file
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader campaign:be4o loader rat suricata
Link:
https://tria.ge/reports/220117-qb2zpaaehq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Xloader Payload
Xloader
suricata: ET MALWARE FormBook CnC Checkin (GET)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/58b2919ca7c0f12320fc3508db29aba5cbd7d36d134903aa8333abe9f54d1728

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 58b2919ca7c0f12320fc3508db29aba5cbd7d36d134903aa8333abe9f54d1728

(this sample)

Formbook

Executable exe b24fe0dd0ec4d61ac6903f6579d59dcffd17d0e002c96803a551aa3ab17367ef

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b24fe0dd0ec4d61ac6903f6579d59dcffd17d0e002c96803a551aa3ab17367ef

Comments