MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61e169cb08c5e3b163370cd992574347625e887eca583922412ddfaed2d6bd10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61e169cb08c5e3b163370cd992574347625e887eca583922412ddfaed2d6bd10
SHA3-384 hash: efcefbf373ee5011c4868a010ae2ce201ebf3b91b3ebfda5df6b8edbd2b7870045ebedd3c5670abc310ed85ed1fefc7c
SHA1 hash: 7396af7b8e1c586afa1aac94919c36a202a2ea11
MD5 hash: 564e1ce8fc2e1ed142662f500ef006e5
humanhash: rugby-equal-fifteen-purple
File name:564e1ce8fc2e1ed142662f500ef006e5.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:662'824 bytes
First seen:2020-05-06 18:49:20 UTC
Last seen:2020-05-06 20:21:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a165c7db20109e2bd57812e39fa04afc (2 x FormBook)
ssdeep 6144:OysHMUEHmUs5Ftsu3QJb9/yUPMiUFIdtp007bZH0fyQnDuE0AC3WsWMi212492X:ODs/X0KiC9//MiUFl2Uqo/JCGSfQYm
Threatray 5'168 similar samples on MalwareBazaar
TLSH 7DE40296D804CF84ECDF3FB0A8C167954A6DFDD2D81E97DC61DAB5837A7E2418280278
Reporter abuse_ch
Tags:exe FormBook

Code Signing Certificate

Organisation:VeriSign Time Stamping Services CA
Issuer:Thawte Timestamping CA
Algorithm:sha1WithRSAEncryption
Valid from:Dec 4 00:00:00 2003 GMT
Valid to:Dec 3 23:59:59 2013 GMT
Serial number: 47BF1995DF8D524643F7DB6D480D31A4
Intelligence: 14 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 1C1983300C10FB262C0B2304B7BE15AABA10AE356EBBBB177583DC44774EB080
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaAL.24198.15632.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Inject
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 19:37:22 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mhqwtsyiyxr3cyzxbtmzev2di5rf5cd6zjmdsisbfxp25uwwxuia._file
Verdict:
malicious
Similar samples:
322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
FormBook
4923037fb58a4491f08c85e0cf38a74d92dd36860932814170dc942a031bad2f
FormBook
55c852b0c762e30f96e7948cd2db3f940f8a18714f4c8146775d65e53f9fd385
FormBook
8e5e93b6f3eee7f1a08a0420b25105017d3479769e6bf9d6b2518d3abc6b1a75
FormBook
a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6
FormBook
a91c5af7a94238bb1556b641b9f5bc7798133b3d699a9f3d5b88b8f8fc12f091
FormBook
addd4ba4b4aa754501d638cbbf3c78bec538ca15a72acb5eadc7babfaecfa350
FormBook
b8ee3458736fa73672b43a4c55e136bafc48b215dcb89dac28b5865ab59fc99c
FormBook
ceec91127018aba0be51981277015baf08e3f0ef6fbd0a5efe5821fa698ba645
FormBook
ed3318102d772c4dcecfb1e10f37cfd3fdcbaff1d340ba9c2bc5dcfe6383f339
FormBook
+ 5'158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sd7p1gns86/
Behaviour
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FormBook

Executable exe 61e169cb08c5e3b163370cd992574347625e887eca583922412ddfaed2d6bd10

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/358705/
  
Delivery method
Distributed via web download

Comments