MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 772d929d92df65dbf1317692104071529b8519e077df827e5d02dc59c5ede773. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 772d929d92df65dbf1317692104071529b8519e077df827e5d02dc59c5ede773
SHA3-384 hash: f1e6289c063acd38f41bb68dbe7a74fd507b4c2aa6f5a0fba16142b1d0c52a5ce78e492fcd6ce21216111655dc2a0897
SHA1 hash: da0c0103ce97465eb8da9ce3e6a572235e22d472
MD5 hash: eaffb53859519d8720211f3e1620fd0f
humanhash: oranges-grey-princess-iowa
File name:vbc.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:305'572 bytes
First seen:2022-03-03 17:18:59 UTC
Last seen:2022-03-03 18:46:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 6144:rGixpBtC3Ujzx0I18NxwT7M8FwATJr8TfTGpXhVK:NpT7d0Y8bwT7M8FDTJrQb8vK
Threatray 13'948 similar samples on MalwareBazaar
TLSH T14554122BA4D16EB7D28A563021B7A27EF3FF5285043107676BA81FF24E52D571C182E3
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter James_inthe_box
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
257
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/247069/
Detection(s):
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.2.21943.30191.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2ab5cc26-759f-4e83-825e-89cf3f89e39a
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/950232
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Malicious sample detected (through community Yara rule)
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 582718 Sample: vbc.exe Startdate: 03/03/2022 Architecture: WINDOWS Score: 76 16 Found malware configuration 2->16 18 Malicious sample detected (through community Yara rule) 2->18 20 Antivirus detection for URL or domain 2->20 22 2 other signatures 2->22 7 vbc.exe 18 2->7         started        process3 file4 14 C:\Users\user\AppData\Local\Temp\uhedn.exe, PE32 7->14 dropped 10 uhedn.exe 7->10         started        process5 process6 12 uhedn.exe 10->12         started       
Detection:
xloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/772d929d92df65dbf1317692104071529b8519e077df827e5d02dc59c5ede773/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2022-03-03 17:07:31 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o4wzfhms35s5x4jro2jbaqdrkknykgpao7pye7s5aloftrpn45zq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
0da36b7f7e4b44b640ab5769532fdd7599032ca2b1d6b57807ba48ad1fa76780
Formbook
5f8d69976e4d3c9b6508cd376dcab4971a605d8d1122952ad604f7b48d2ef1e1
Formbook
75362f20dab8d57db3ade6427e647b0bc01d8345ccfa9781d5778877f04f7fb5
Formbook
9de751536a55984df4e0686ff47bbe5553906d4b2e2559d7afc019fcb7d4eb4a
Formbook
9e6a92df11bb23b335d5bbf85731a1ea96f6c4038a24c2e4edb28e2169804c30
Formbook
acf40f9d3eea74324291c55f5ab8d3678e0dcc085581bdd9cf66897f4324bc3c
Formbook
cfd1a77378decd68cd7a59307b77b93247bdd91e00de5111ecae6b5658c8665f
Formbook
f80dd0bf7402bebd03d303c97c8dd3f921d3e923a2521f4a2af2e4bf3c288aa1
Formbook
+ 13'938 additional samples on MalwareBazaar
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader campaign:ign6 loader rat
Link:
https://tria.ge/reports/220303-vvt6eacaa6/
Behaviour
Gathers network information
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Uses the VBS compiler for execution
Executes dropped EXE
Xloader Payload
Xloader
Unpacked files
SH256 hash:
772d929d92df65dbf1317692104071529b8519e077df827e5d02dc59c5ede773
MD5 hash:
eaffb53859519d8720211f3e1620fd0f
SHA1 hash:
da0c0103ce97465eb8da9ce3e6a572235e22d472
Link:
https://www.unpac.me/results/6f9634f6-7c5e-435e-afa5-63cd46a347d8/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/772d929d92df/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.18
Link:
https://yomi.yoroi.company/submissions/772d929d92df65dbf1317692104071529b8519e077df827e5d02dc59c5ede773

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/247069/
  
URLhaus
https://urlhaus.abuse.ch/url/2074263/

Comments