MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f548015f3c7d81e255e3572e5ff9c9d89a93a97e5a104be698883bc20d60d54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 6



SHA256 hash: 5f548015f3c7d81e255e3572e5ff9c9d89a93a97e5a104be698883bc20d60d54
SHA3-384 hash: 5034f9cee3fae35b39a9476f2a5799904b1bc8ccaa20081def7477d9937e027e6a25837dd804899483c13a8e12c1d219
SHA1 hash: 2b995dfac3c35d3df1be411fcb49ff8ed74ecafa
MD5 hash: 2fe095bf0575b3167bb3e2744df6ef95
humanhash: juliet-coffee-kitten-kilo
File name: 2fe095bf0575b3167bb3e2744df6ef95.exe
Signature: FormBook
File size: 778'752 bytes
First seen: 2020-06-22 11:56:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7a3b36319e10a182a46078ebecd565ef (13 x AgentTesla, 4 x HawkEye, 4 x Loki)
ssdeep: 12288:cGeRii6YfY4FBgEMo+3z9SFnbHhnmju5hgI83Lr7xDtIfbHka:tLLv4fH02bcjuP6FJIfb
Threatray: 4'837 similar samples on MalwareBazaar
TLSH: 62F49E22E2D04C33CC2F16789D7B76776D29BE10392869462FE5DC4C9E3929D382529F
Reporter: abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-22 11:58:04 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
