MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f
SHA3-384 hash:	aa6a73f0e0b8f24708786741ee626336cd7e79b707711d07f920c209860567bf6b7ef88df794bbcfd8a47a553cbd454c
SHA1 hash:	cbf12ec1adb58aba62d0ae018911047836b4a125
MD5 hash:	85967ab5e1cedd97ffde2fa45dafd17e
humanhash:	fish-bakerloo-purple-montana
File name:	LAMHgZs8AETIC8S.exe
Download:	download sample
Signature	Formbook Alert Create hunting rule
File size:	687'104 bytes
First seen:	2023-12-14 07:34:40 UTC
Last seen:	2023-12-14 09:23:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	12288:ZEfLIbGy+YYUBYqE7BXLL2y58C/K7MscpMyt1iamDj6apyMeTkqQCla5gkPq/H1g:ktYnCqE7BbKA8qEcP3ivPVpyWD+1D
Threatray	387 similar samples on MalwareBazaar
TLSH	T187E42318975E99BAC2F703797C72021143B18141D811E38F18A6F4FEA43379672A76EF
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	cc0f3355332b17cc (12 x AgentTesla, 6 x Formbook)
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

327

Origin country :

NL

Vendor Threat Intelligence

CAPE Sandbox Formbook

Detection:

Formbook

Alert

Create hunting rule

Link:

https://www.capesandbox.com/analysis/467405/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Trojan.Inject4.59820.27807.3912.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Sending a custom TCP request

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Сreating synchronization primitives

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/657ab02c855eb2633d69054f/reports/5350aef6-8515-4f09-b42a-3048a9c27bad/overview

Hybrid Analysis Trojan.Generic

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Formbook

Malware family:

Formbook

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f1eaae71-7cae-41e6-865d-43864de4b320

Joe Sandbox FormBook

Result

Threat name:

FormBook

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1361991

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Maps a DLL or memory area into another process

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected AntiVM3

Yara detected FormBook

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.AgentTesla

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-13 09:20:58 UTC

File Type:

PE (.Net Exe)

Extracted files:

9

AV detection:

18 of 23 (78.26%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=omklxw6c3hzkqqvxfwzjv4l6n2c4ve2glkouzjjxa3dhd24g62hq._file

Threatray formbook

Verdict:

malicious

Label(s):

formbook

Alert

Create hunting rule

Similar samples:

143f092cbd7313e6a03117e8aa077956b15a2c033087f094e0b21475bb6d42fd

Formbook

2da908b3487a1e8e4a0cb9ca61b7a99f7067f39dc118f75cbdde807dc07b0edd

Formbook

398d657a86bb82638352ce58d7f71da551cc07c7a0831f83a588dff8bca0ca3a

Formbook

3cc5b7aa1246d1f0bce5ffcabaa0525c40214012fc13998c711ac741ae71d4ce

Formbook

62b04ac132c93b0b77450de95c73aa65790d34b542728780077956ac568ee85d

Formbook

b2587673f763a90585340e9a2cac2ec42143e05278483935f34f85dab922dbc4

Formbook

d05df2f1116d549b84cf6aa3441456f981c6cc77054672381e0118e19cd48c05

Formbook

eaf0b886df577c2c4a4e658b77693ed6bf0afdad4fd05a1fbcfdb88d81d10de3

Formbook

+ 377 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  5/10

Tags:

n/a

Link:

https://tria.ge/reports/231214-jeng5sdee7/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

UnpacMe INDICATOR_EXE_Packed_SmartAssembly

Unpacked files

SH256 hash:

98ce1f7bf6df46d33daf8854fd00c042a88e34d6a9a483da0243f8b044233f76

MD5 hash:

d8c4e81b14b7cc9f18eac8a5465c2df9

SHA1 hash:

ee5415a2d97640dabd02250464534bedcc9b2b77

Link:

https://www.unpac.me/results/92368f73-378d-4cf8-90f7-80ff8755bf16/

SH256 hash:

226e43994bb440e688ffd85779240773ef75429531f4ca7581e686461577156e

MD5 hash:

050e8ef3fd8362cc1a82149639262e99

SHA1 hash:

d49bdabde22569129766cf88bf6bf9c8bc088d27

Link:

https://www.unpac.me/results/92368f73-378d-4cf8-90f7-80ff8755bf16/

SH256 hash:

b68c98bc01f4b4d09268ddd61d7590eb6db116ba564694145fe4cedaf1055fed

MD5 hash:

b9aa0902964788c6aa294b87d3db3a5e

SHA1 hash:

f79a9a03254536a94504f47d69f0e49223b5ca54

Link:

https://www.unpac.me/results/92368f73-378d-4cf8-90f7-80ff8755bf16/

SH256 hash:

069fef43dc8bef92e3ac18e5350e411877033c611be88bf9aa1c2034dd664603

MD5 hash:

2881f197e2b49ad8c2429d428ddb8ab2

SHA1 hash:

8d784dad83a2ff5aa5f30f219bd7b92c99f8ba88

Detections:

INDICATOR_EXE_Packed_SmartAssembly

Alert

Create hunting rule

Link:

https://www.unpac.me/results/92368f73-378d-4cf8-90f7-80ff8755bf16/

Parent samples :

9f58500972fe9038c23e03bbf762494b356e358aebd9125a0a55d9f9ffe042af
4708153c6d03a1d3c32475f529229073defc77516416b5d7b808a9fa345b74e1
f00b5fbe46481ef64e67801d8c03ac4166ab7758fb5faea3d66987f9e09c4aea
9d833b4a66beca22dcee2a030ffa0ff1a9c72eba3f9ee50eb412f56806915f87
3669763315f84b7a290c35dac2ede474e2f66915f0d3ddafb901f5bf38640d38
eaabbf2674a70aa254e89b831eb0caa7599e6fc3747e3380cea1ae5b4952d7db
70bb422c14c0a6b025b134c2f1a49c3e6c1ba206ab844f314a76dfeb308669f1
48640541d98ded5a850e2c281cd551eea3598502ab725bfa2ac4ce5f7846b3ed
9a1138a162bb083659fe3716b97ed51486af388c69929decf4db49577c826bd2
add05b10b13891172810c8f90bf624f892ad69fed993944491736cc283a31b01
7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f
a581cd3affde45fe840caaee68d4896414839a2e863b00e248888bef5f7270dd
d97147a27a5e87a356dc86aa78f6f764805c16454453014d4b68d510487147d4
fcf48a9792abfda9d9c9d32c6e7348e4cf3fed606c4aea8acf4e2ba4fdf08caf

SH256 hash:

3f796fd1ccc930576da3852426204df4a11e7eb965104ccef7b972807b00c43d

MD5 hash:

6bed625638d94a94a4b3b72b86df7048

SHA1 hash:

6aa49fc40d8db7bd8724e6ac77482fa753b349e0

Link:

https://www.unpac.me/results/92368f73-378d-4cf8-90f7-80ff8755bf16/

SH256 hash:

7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f

MD5 hash:

85967ab5e1cedd97ffde2fa45dafd17e

SHA1 hash:

cbf12ec1adb58aba62d0ae018911047836b4a125

Link:

https://www.unpac.me/results/92368f73-378d-4cf8-90f7-80ff8755bf16/

VMRay Malicious

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/7314bbdbc2d9/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

exe 7314bbdbc2d9f2a842b72db29af17e6e85ca93465a9d4ca53706c671eb86f68f

(this sample)

  

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/467405/