MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c2f26b8fee229fab2605231fb9e9b16cf2b610d588410bfc183131a30fb4ca7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: Formbook

Vendor detections: 6



SHA256 hash: 6c2f26b8fee229fab2605231fb9e9b16cf2b610d588410bfc183131a30fb4ca7
SHA3-384 hash: ecc0fad20dc6208aa80062d8e8d1a1b3b6b8b0fcf6421bf977cdd1057bb7b2b25fa9dc9309b4d38d29cb99eb33b08ebf
SHA1 hash: cd8174330e94e040d624ef5897ebf3fcc492aff6
MD5 hash: 365e87a1ae6c875f642b765299444e3c
humanhash: batman-happy-xray-johnny
File name: 365e87a1ae6c875f642b765299444e3c
Signature: Formbook
File size: 488'448 bytes
First seen: 2020-11-17 12:41:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 6144:0Si5Za+LKfq5sLfnvKWbhp5pT63wi9BdaPDG9kjHarljhgMi64D3/:0SivlLBiLXKOj23XndaPDGyzalM
TLSH: E4A49DB33DC2883CDE990B754CF504F1EA7A12CE3E838A0E725E931C4A15657671B66E
Reporter: seifreed
Tags: FormBook

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Sending a UDP request
Creating a file in the %temp% subdirectories
Creating a window
Running batch commands
Launching a process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Razy
Status: Malicious
First seen: 2020-11-10 08:15:35 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: persistence
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other