MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 751fb21a072dc731a17478bec40fe550f4fc6be13fb6079f38d9fc19b41021cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 751fb21a072dc731a17478bec40fe550f4fc6be13fb6079f38d9fc19b41021cf
SHA3-384 hash: 79d619a18bd3c757fc37d0e069d1b538640a9f20fd33a0d306fea34af14b280b2bc63a6f4d7d4c4e0c3bd5bce3ddb92a
SHA1 hash: fee021d5dcca422da0c2b0765f745785da12ff24
MD5 hash: c027b2558e5ce563821621d65a396625
humanhash: california-july-moon-foxtrot
File name:c027b2558e5ce563821621d65a396625
Download: download sample
Signature Formbook
Create hunting rule
File size:493'073 bytes
First seen:2022-02-01 19:25:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 12288:Sjeq+8mXGcYnUNVQ79bP0YU2Rc8TqfrX3kX:Sjeq+8mX5UUbi01OcSqU
Threatray 13'483 similar samples on MalwareBazaar
TLSH T175A4AED527244D8BC08022789FC2EB395F785FF55F008119B6E12EBBBABE756AC42711
File icon (PE):PE icon
dhash icon 00525232c8cc2408 (10 x Formbook, 4 x RedLineStealer, 1 x AveMariaRAT)
Reporter zbetcheckin
Tags:32 exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/229313/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Unauthorized injection to a recently created process
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61f989526d25ac9e79f7622b/reports/829bb7f6-f3c9-45fc-9c2c-de1a22da7ed5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RaRansomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1845ecb7-b8b6-4c8d-8fe3-fb6a1b6f1dae
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/932012
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/751fb21a072dc731a17478bec40fe550f4fc6be13fb6079f38d9fc19b41021cf/
Threat name:
Win32.Trojan.SpyNoon
Create hunting rule
Status:
Malicious
First seen:
2022-02-01 18:55:20 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
11d9365302786fe34113c070a9e6ed32a7209c8de10eb21ef8d4a8eeb1215d41
Formbook
12876a9ad6e0bd4cf0d4fd1edbc14eedf3bcc96bee95391bad387893bb07fa8c
Formbook
25e27456f236ae75c89c06eb790508b0bed0b18f05b8a65c01dc983609e8e387
Formbook
64c7583a94ab474b9cd3509e8ca73eb7a19e70ffc2c4fa4582ccd7fd3f10c5ec
Formbook
9de751536a55984df4e0686ff47bbe5553906d4b2e2559d7afc019fcb7d4eb4a
Formbook
9e6a92df11bb23b335d5bbf85731a1ea96f6c4038a24c2e4edb28e2169804c30
Formbook
a1bf6120b566e76d3df3b722c1a517fe69b74e670d70bde100c4cf04e3ee947e
Formbook
cfdf477d386cab73129ac775a953d693466176d4d4854d06d580125a8f20f9e6
Formbook
da99d68a728c3a14d186c03c30b551914fe57073f231d334be7955131cb5f921
Formbook
e0b985ed9547d4799d352c98ed428c0ba78e3abfec8897ec406ea07f306cb982
Formbook
+ 13'473 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220201-x5h71aagfm/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Program crash
Loads dropped DLL
Unpacked files
SH256 hash:
d3fd1fa7a2e12c9fbd3a83f41f600a10ffba328e96a0bc74b0c28fcc2ed6ad0d
MD5 hash:
6590457d78e71a4ecfb06ca14158c518
SHA1 hash:
6e947d48edde5e585ac612c3398b8fcead2ef3d6
Link:
https://www.unpac.me/results/198af297-62ff-427e-aedd-7355ad1a8983/
SH256 hash:
751fb21a072dc731a17478bec40fe550f4fc6be13fb6079f38d9fc19b41021cf
MD5 hash:
c027b2558e5ce563821621d65a396625
SHA1 hash:
fee021d5dcca422da0c2b0765f745785da12ff24
Link:
https://www.unpac.me/results/198af297-62ff-427e-aedd-7355ad1a8983/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.43
Link:
https://yomi.yoroi.company/submissions/751fb21a072dc731a17478bec40fe550f4fc6be13fb6079f38d9fc19b41021cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe 751fb21a072dc731a17478bec40fe550f4fc6be13fb6079f38d9fc19b41021cf

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2022023/
Cape
Cape
https://www.capesandbox.com/analysis/229313/

Comments


Avatar
zbet commented on 2022-02-01 19:25:10 UTC

url : hxxp://65.2.143.8/400/vbc.exe