MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75ac4abf4dd4f869a600ac69f6976e0171a5247d5f2f5400d3c0e727e5b3dcdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75ac4abf4dd4f869a600ac69f6976e0171a5247d5f2f5400d3c0e727e5b3dcdf
SHA3-384 hash: b9b822e19ba76d4fa9d3be360b365f7b9b582738531703c05f9dcbfde7a796a98d6cf95dd2b9e481f77e3803e7d6cd8a
SHA1 hash: 2867fe9eb5273d5cac2315a6ec84915369500d75
MD5 hash: 1be33bb40bcce05b5918bfc91ab93ada
humanhash: ceiling-july-oven-massachusetts
File name:Design Template.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:299'901 bytes
First seen:2021-04-12 12:23:21 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:nhi5CM97Pj+1QTXBvhdqpUC9R7awjHp5/tNSV6:nh6CM9mQTXC99/HFb
TLSH A2542393F13062BE9CB34877823CD066710795A3C8EA35B652249E727D1C988BA4D7FD
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: smtp2.hiworks.co.kr
Sending IP: 121.254.168.210
From: "escos" <escos_et@escos-et.com>
Reply-To: "escos" <escos_et@escos-et.com>
Subject: Drawing for Our New Order
Attachment: Design Template.gz (contains "Design Template.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.15323.16550.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75ac4abf4dd4f869a600ac69f6976e0171a5247d5f2f5400d3c0e727e5b3dcdf/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-12 12:24:07 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=owwevp2n2t4gtjqavru7nf3oafy2kjd5l4xviagtydtspznt3tpq._file
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader loader rat
Link:
https://tria.ge/reports/210412-fhg54vwdgj/
Behaviour
Gathers network information
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Xloader Payload
Xloader
Malware Config
C2 Extraction:
http://www.zq2003.com/ma3c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/75ac4abf4dd4f869a600ac69f6976e0171a5247d5f2f5400d3c0e727e5b3dcdf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz 75ac4abf4dd4f869a600ac69f6976e0171a5247d5f2f5400d3c0e727e5b3dcdf

(this sample)

Formbook

Executable exe 5397f0168be76c7e5efee936d341eb359b9015af5e77631129dc0664105e9259

  
Dropping
MD5 56d56566623a2bc942141b56f9dd3da5
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5397f0168be76c7e5efee936d341eb359b9015af5e77631129dc0664105e9259

Comments