MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75952934e5ef6bb74f29c3320ef112e219cc953dc5ed8c351d742448f61161ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75952934e5ef6bb74f29c3320ef112e219cc953dc5ed8c351d742448f61161ff
SHA3-384 hash: f3d6047560b93e538db361ac108e5b17662f60f07e69e15ea9a9a1c9b4e0025dd044c078217284eed25ef25f6adc53e4
SHA1 hash: 401ab4d705dfd2fa401ceda974cea623d4d773bb
MD5 hash: 494a613b4431fab36d742a03b9346f38
humanhash: comet-neptune-vermont-london
File name:Demand.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:318'976 bytes
First seen:2020-05-01 13:21:23 UTC
Last seen:2020-05-01 13:50:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:ChceE3nO5W89YL9robIps/K4pFZyAMProaUpZJTyDrNyQBkSaI:Chcev5W82M22pFmPUaU0Fyg
Threatray 5'113 similar samples on MalwareBazaar
TLSH E964F12D8A84EA2BC6AD0278CC31974683F480C56C07F7874FE270B8697F7D55951EBA
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: wikiweblog.com
Sending IP: 96.9.210.250
From: Louise <info@wikiweblog.com>
Reply-To: louise@bezi.com.au
Subject: Rate Required for PO - 01-05-2020
Attachment: Demand.zip (contains "Demand.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.43642.12269.680.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 03:43:15 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
26 of 30 (86.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=owkssnhf55v3otzjymza54is4im4zfj5yxwyyni5oqser5qrmh7q._file
Verdict:
malicious
Similar samples:
11892c93ce6ecc668a92bcbb2e618edbc40f87cea8938e2dbe7061cbc6d1f689
Formbook
16e85e5268ed68c1741fd6293948d18a7ac9a2854e0938a015f8a894469f88b6
Formbook
2084e95f6624b243760b5ac8e5f486168a84a08cb0d71b285f01720ebd77ee8f
Formbook
228e2e5ff30fec5cdde918f48e98664d9bf1f77f550666baa21208ca9b047af4
Formbook
3a7e2e98243c188fbda3734b22856c30febb41d1f7e0ddbc034906288aa72dae
Formbook
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
Formbook
9b8a6fb8c7c1b4543c6076d63b4fadeeb78f2e2f87267f53728102ee7daab41c
Formbook
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
Formbook
b9cd83c667b694ec10f884183b138beeb0f986a7d3c50af463535852f2fa0663
Formbook
f3f3cda95f4d655f189381268676beef7ab70ed8355ff178abcad416c71adb22
Formbook
+ 5'103 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 5114955491d5400511f2c6d6efdc4338d0f7ef7b85f4f3b1d66ffa78f796b81a

Formbook

Executable exe 75952934e5ef6bb74f29c3320ef112e219cc953dc5ed8c351d742448f61161ff

(this sample)

  
Dropped by
MD5 c9ff3c2135d57620806738a498933592
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5114955491d5400511f2c6d6efdc4338d0f7ef7b85f4f3b1d66ffa78f796b81a

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments