MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76539c09f989d3cc938d6984f9ee8b6680fe2416822d63bf53a1712aaf9b695f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	76539c09f989d3cc938d6984f9ee8b6680fe2416822d63bf53a1712aaf9b695f
SHA3-384 hash:	a56481992c56f16fe82d869a8577ba3e4cc726e20f9f405b4d97b08e7cf6865bbf040244466d74b2abc1de7f25423423
SHA1 hash:	54ebffe0cb2e506f58ca3bdf8bf6c616a9d45543
MD5 hash:	f0180faba8f1448ee04266bb11455c26
humanhash:	three-arkansas-enemy-papa
File name:	nemam.vbs
Download:	download sample
Signature	FormBook Create hunting rule
File size:	7'811 bytes
First seen:	2020-07-10 10:53:19 UTC
Last seen:	2020-07-10 11:03:29 UTC
File type:	vbs
MIME type:	text/plain
ssdeep	192:+cuzsupuJiY5WP17kYcs9W79WP6misHmRNWZdY9WG7ZsdMJJXWi9HDCZeWC9WPEW:JCs6Nr5/i//L/n/i//L/F
TLSH	1EF1012CCA678E908043DF815EF5E181636E8EF5DAED09B1A225CC3F5744F78B9E0591
Reporter	oppimaniac
Tags:	FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/24359/

Detection(s):

SecuriteInfo.com.VBS.DownLoader.2018.6263.11959.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Using the Windows Management Instrumentation requests

Launching a process

Creating a process with a hidden window

DNS request

Possible injection to a system process

Sending an HTTP GET request to an infection source

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/76539c09f989d3cc938d6984f9ee8b6680fe2416822d63bf53a1712aaf9b695f/

Threat name:

Script-VBS.Trojan.Bluteal

Status:

Malicious

First seen:

2020-07-10 10:55:05 UTC

AV detection:

13 of 29 (44.83%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ozjzycpzrhj4ze4nngcpt3ulm2ap4jawqiwwhp2tufysvl43nfpq._file

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/200710-1s5qz4bfhs/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Drops file in System32 directory

Blacklisted process makes network request

Process spawned unexpected child process

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/24359/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample