MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cedea888c451f6f61096686be8ba2aeae326f176885d14f4c6c8b6bc56c08a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 6cedea888c451f6f61096686be8ba2aeae326f176885d14f4c6c8b6bc56c08a8
SHA3-384 hash: 0fd50c743b64325c45470fbd0bf1292bb99f3e434f1a77f6699a5fc8e089dada3718f598d8e9e12395df871211ca9db4
SHA1 hash: 28efd00cbe954d49dc547492d9dabe0f476102e7
MD5 hash: 270d6569643f6933dc525835f72d80a8
humanhash: harry-pluto-nebraska-sixteen
File name: 270d6569643f6933dc525835f72d80a8.exe
Signature: FormBook
File size: 510'464 bytes
First seen: 2020-05-28 06:05:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: eff4383a0660ef8798a09085a4d832a3 (3 x FormBook)
ssdeep: 6144:lBWeaqJFYCBFexViThiXMtiC1pldBgtq14NZHEV5XRcoES9PD+p:eeDiCHOrAiCPRgtPNaVfcoEt
Threatray: 5'268 similar samples on MalwareBazaar
TLSH: 59B438BE7F47311CF8060E353B7459A4B0E66E9AB928B09619B77D3376B34C250A1336
Reporter: abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: FormBook
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-27 18:48:00 UTC
File Type: PE (Exe)
Extracted files: 7
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FormBook

Executable exe 6cedea888c451f6f61096686be8ba2aeae326f176885d14f4c6c8b6bc56c08a8

(this sample)
