MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c
SHA3-384 hash:	2a8e36a48194b99e832499a94b70679c033f929cac3fe1f397463dfbefd8634418a1ab2985eae8cde346bfdaab669702
SHA1 hash:	aadf8767173865aa010b102e3fca2b9d44b7e0aa
MD5 hash:	09ebf10a43e396834630f4a8c9b663c6
humanhash:	football-october-missouri-four
File name:	dsda.js
Download:	download sample
Signature	Formbook Create hunting rule
File size:	49'260 bytes
First seen:	2025-09-08 06:52:40 UTC
Last seen:	2025-09-08 13:29:13 UTC
File type:	js
MIME type:	text/plain
ssdeep	192:OstWovARGO42c42zHMQECa2rtQa9Z9csBgnnngKEB4YldB3MEbib:OCWcOMXYKmM7gb
Threatray	150 similar samples on MalwareBazaar
TLSH	T19623251DB3F8309D49943D7221D0BAB98E0EAB3757E1CD285066FDCB4B36A4951B82D3
Magika	javascript
Reporter	Anonymous
Tags:	FormBook js

Intelligence

File Origin

# of uploads :

3

# of downloads :

91

Origin country :

PL

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Rogue.0hr.20250908-0234.UNOFFICIAL

Sanesecurity.Malware.32320.UNOFFICIAL

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68be7d6f6e66ba602d790b0b

Tags:

obfuscate xtreme spawn

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm powershell

Link:

https://www.filescan.io/uploads/68be7d7020d0ee406d9a03a0/reports/3f243752-7c6e-40d8-b3e9-b194f8dd3c57/overview

Verdict:

Malicious

Labled as:

TrojanDownloader/JS.NetLoader

Link:

https://www.hybrid-analysis.com/sample/693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c

Verdict:

Malicious

File Type:

js

First seen:

2025-09-07T20:38:00Z UTC

Last seen:

2025-09-07T20:38:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c/results?tab=lookup

Score:

90%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c/

Threat name:

Script-JS.Backdoor.FormBook

Status:

Malicious

First seen:

2025-09-07 23:41:28 UTC

File Type:

Binary

AV detection:

11 of 38 (28.95%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nezsnym6tdnqwcjxfxov2rklhqr5wd55edoc4ftr244v7ukqaega._file

Verdict:

malicious

Label(s):

formbook

Similar samples:

37c810d524a8db830dbb9d12d5d918802d3c85619d58810d04fc95232ec393ce

664272d1c9d15f1747c86d06066467ccdc54ce0062e1d201950a5a95478f1d99

8c2bf37543f505883716f27429754461c61c2b259a882942e59b4ecd0f279b80

8e3ac942df072256abcf91e4f1e5c76a09093374a9f5b997905dfc5a8b949e2a

9a85868fada912b766b75721172bd8d3c741cb29811490fd8e9f53832712fe89

c219396bdbe5ecedd6f6edd308734920f6a52b6cdbefafc16916f07dadffc1c8

c83f645369bd6c84db6f1750f895037077647323d811b61b15f34f2ab4f18292

dccde739186bcc2b12daae93ada247895c811ec080cf06fd4d431d2caecdc196

+ 140 additional samples on MalwareBazaar

Result

Malware family:

formbook

Score:

10/10

Tags:

family:formbook execution rat spyware stealer trojan

Link:

https://tria.ge/reports/250908-hnt6lsskv6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Suspicious use of SetThreadContext

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Formbook payload

Formbook

Formbook family

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://archive.org/download/optimized_msi_20250904/optimized_MSI.png

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.55

Link:

https://yomi.yoroi.company/submissions/693326e19e98db0b09372ddd5d454b3c23db0fbd20dc2e1671d7395fd150010c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample