MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
SHA3-384 hash: 0f0e3f8d4736676beb835671498daa87f41a1c58f4e0cd82933c21ce0324bb144c3e899b3c088e756cc95a45d703c751
SHA1 hash: 72fff102b89062882455b82856c07ab20ef5df17
MD5 hash: d0578e0879c72225110c109fdc08ad0f
humanhash: foxtrot-lion-apart-october
File name:MPO1005074.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:456'704 bytes
First seen:2020-04-29 18:46:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:c6q4IY5YYx549drHJLvTSZ8mq8GSXcpdzyQ3NDTyu8QXrvBSwV00sz2ZnX:V5grpLTS+mq8GSMj/QQbvBmHzU
Threatray 4'878 similar samples on MalwareBazaar
TLSH 87A49CA6527C1EFBF8ED3CF652038B6D6A540C959D71E240D8AF38D9E877683C8152C2
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 3sapparel.co
Sending IP: 111.90.140.230
From: Carolyn Mulcahy <Carolyn@calibre.com.au>
Reply-To: patbonnantakui@gmail.com
Subject: URGENT INQUIRY.
Attachment: MPO1005074.rar (contains "MPO1005074.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Score-7597125-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 04:46:12 UTC
File Type:
PE (.Net Exe)
Extracted files:
48
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pauzseq4uce2cuhtjq2spj7bygs7trm2ombu4o7wzilgywiki7zq._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
1574a880c708c505d7055fa0c40ac75792d9eca7567e53f51c123928785acde0
FormBook
41baebffaddb418b4eca6aff0e3837100c93b9b025be18ebc887493f10608a13
FormBook
799f11327960ae9d85650736dc87515a5edaad3c14ddaceeb0214136f33498a0
FormBook
841b9682f1bcb94cc4c510c2564791004f3d1c26ae764c42c145fe16ab093901
FormBook
be100d30450e36b7bdded9c44514e7d3bcf9b24d9ef7f07f1ed6f4b1f9cbf930
FormBook
d34d8c49cd2a0b39fb3fc65ce6d5111611efc97e6a80a1f2a34853695b8a3221
FormBook
d7980c1e8ee9c38009cacdbc00f12940564aa7b33bc35ccc67510aeb57b75e2e
FormBook
f310aa4f6cb0b3c3d237d13640594dd0a06f8c42ab5ecd1cba3daecc860129bf
FormBook
f597fc149ad055ccfeddf58c3547b06ad4197190d39af11cc260fe65a53da7fc
FormBook
fdc67b7ce3f138fdabedcdfb99031b8dfcfffa0d91304dfba7715c9530642837
FormBook
+ 4'868 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar aa88dfd4aa3ba54062d18819a564a80480c8201f0f5300982ea91974bdbf67cc

FormBook

Executable exe 782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3

(this sample)

  
Dropped by
MD5 4edea468c52e91c614cf055d47085070
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 aa88dfd4aa3ba54062d18819a564a80480c8201f0f5300982ea91974bdbf67cc

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments