MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 12



SHA256 hash: 62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f
SHA3-384 hash: 1d19f9e730a207f12424a68f6cfe918b5b38ca8666a8a401efd35ef623be0fec57cf9d4b71e7e8908d447e4d49b5358e
SHA1 hash: 06729ed5f1ecffe874066b7a05588606dd5bac76
MD5 hash: 14cf36dfee03af7a349b1ba713dd3319
humanhash: cardinal-high-music-alanine
File name: 62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f
Signature: Formbook
File size: 767'488 bytes
First seen: 2023-07-06 10:48:52 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:ud+J/M+Jhewx/NscEQ+vgXK1HsaPUmhZ574ZgYUjczSyx1WewCSH5+I+Ux+UUl6s:R/thewlqB6pBokZgm2yxw3CI1+mUl6cN
Threatray 3'201 similar samples on MalwareBazaar
TLSH T1F4F4126822B7461DC08B7F7D0D006671C7FEA985B423D21B9FA3B8C8CD15B150ED5ABA
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon f0d4d4c4c4c4c4f0 (13 x AgentTesla, 10 x Formbook, 4 x Loki)
Reporter adrian__luca
Tags: exe, FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 258
Origin country: HU
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f
Verdict: No threats detected
Analysis date: 2023-07-06 10:48:17 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour
Searching for the window
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Spyware.Snakekeylogger
Status: Malicious
First seen: 2023-06-06 02:45:38 UTC
File Type: PE (.Net Exe)
Extracted files: 11
AV detection: 28 of 37 (75.68%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: bbc058ebc76ff4eb2e474f7bde49699ebf61366c50c2b9d5a2d07779e6b57267
MD5 hash: bc1d851b16242463e1d856ba1d745974
SHA1 hash: c38713c2f5279f76c604742ec66d0ed56b1978d1
Detections: win_formbook_w0 win_formbook_auto win_formbook_g0
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.
