MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c6a27d687b37fada1074f3df67aa17c03127913e5bc5ce1dddbb9c31930e9fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 6

SHA256 hash: 5c6a27d687b37fada1074f3df67aa17c03127913e5bc5ce1dddbb9c31930e9fe
SHA3-384 hash: 9b083cf553089ddb5a6e59841bf842a0ae1747591a9db2b692bacb43597d965bde49dd1bad604b6e01aab891bb5c6dc3
SHA1 hash: f6ce97313af978725178d894b20ec7c6c001ba4f
MD5 hash: 726cc0d6ed2b02eda98404e37a5155fe
humanhash: carolina-maryland-november-fanta
File name: 726cc0d6ed2b02eda98404e37a5155fe
Signature: Formbook
File size: 730'624 bytes
First seen: 2020-11-17 12:37:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'479 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 12288:mjIpOBFmxXiS9Wjy7ABfE+l2Q7QZj5G/dZS8ObsJ7yFIC9J:j2yE5E+goyje7y2Cv
TLSH: F0F4AEA773983F6BE07DD3B995281825C3F1ED12D722DB4D7D8B30CE8844E9187A161A
Reporter: seifreed
Tags: FormBook

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Sending a UDP request
  Creating a window
  Unauthorized injection to a recently created process
  Creating a file
  Launching cmd.exe command interpreter
  Unauthorized injection to a system process
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-11 04:32:44 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook rat spyware stealer trojan
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Formbook Payload
  Formbook
Malware Config
C2 Extraction: http://www.abagsn.com/ffs/
Unpacked files
Detections: win_formbook_g0 win_formbook_auto
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments