MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e9a7610a7e46968d211763942cc8508e1c07cfbbde75f8a9ae70926eaf991ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	6e9a7610a7e46968d211763942cc8508e1c07cfbbde75f8a9ae70926eaf991ef
SHA3-384 hash:	bffe4b0052e682a474d5ce0377b158b0474e44abc4ebf947c1380b254440e78a75c027fced085097c25a56cb2029341c
SHA1 hash:	59bb843a0027755d876b018b1552b21caf3851a5
MD5 hash:	b57ce0d894eab00c88302eda3cc38d22
humanhash:	spaghetti-mobile-cold-enemy
File name:	SecuriteInfo.com.Generic.mg.b57ce0d894eab00c.10071
Download:	download sample
Signature	Formbook Create hunting rule
File size:	1'243'456 bytes
First seen:	2021-01-30 03:57:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	24576:KJCwUGcLDGmSvbWak1v3n0jdWg0Iv1JVJuvKWkFH3YVW3smWJAmISZ3M/+3lryYW:KMw3cnfIbWakx30JWg0IFJQpkFH3ogRP
TLSH	6C45334DD3745335C4C8353FD536A90FABB16B896608120AA3A64ADF249F3F941336BB
Reporter	SecuriteInfoCom
Tags:	FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

145

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Generic.mg.b57ce0d894eab00c.10071

Verdict:

Malicious activity

Analysis date:

2021-01-30 03:58:24 UTC

Tags:

evasion

Link:

https://app.any.run/tasks/caf08346-0318-4f3a-aebc-071f4e06593d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/114864/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Using the Windows Management Instrumentation requests

DNS request

Sending an HTTP GET request

Creating a window

Sending a UDP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/594476

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6e9a7610a7e46968d211763942cc8508e1c07cfbbde75f8a9ae70926eaf991ef/

Threat name:

ByteCode-MSIL.Trojan.Wacatac

Status:

Malicious

First seen:

2021-01-30 01:34:08 UTC

AV detection:

16 of 46 (34.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=n2nhmefh4ruwruqroy4uftefbdq4a7h3xxtv7cu244esn2xzshxq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/210130-g3hr7k8h5e/

Behaviour

Suspicious use of AdjustPrivilegeToken

Looks up external IP address via web service

Unpacked files

SH256 hash:

b5aa6025ee7402ce06960828a4c90c2c69d08300b19fbb7b7a6185c8859e895b

MD5 hash:

f2a467fa2dea9bbab4b8973cd780f8a3

SHA1 hash:

50524286e561c5210cd5a4c37cce5907362ad42b

Link:

https://www.unpac.me/results/19cc44f0-c080-4b95-b526-2f3956498953/

SH256 hash:

6e9a7610a7e46968d211763942cc8508e1c07cfbbde75f8a9ae70926eaf991ef

MD5 hash:

b57ce0d894eab00c88302eda3cc38d22

SHA1 hash:

59bb843a0027755d876b018b1552b21caf3851a5

Link:

https://www.unpac.me/results/19cc44f0-c080-4b95-b526-2f3956498953/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6e9a7610a7e46968d211763942cc8508e1c07cfbbde75f8a9ae70926eaf991ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

exe 6e9a7610a7e46968d211763942cc8508e1c07cfbbde75f8a9ae70926eaf991ef

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/983674/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/983727/

Cape

https://www.capesandbox.com/analysis/114864/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample