MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7eb04e3e53097f94075d3cc4520e7db6609049a858e4c14a78803d1b214abf47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	7eb04e3e53097f94075d3cc4520e7db6609049a858e4c14a78803d1b214abf47
SHA3-384 hash:	1f383c50be6f81960aebe121787e493e5a646fa25c712fcaac9d58120f41c460e47a5289815e4aa26b943f79592d645f
SHA1 hash:	67f370723d052e3867fd691e901bd4ecfbcdc799
MD5 hash:	1770e93f57632bae798423b384d4ed6f
humanhash:	avocado-double-chicken-fourteen
File name:	GoHamLikeJonathanScott.ps1
Download:	download sample
Signature	Formbook Create hunting rule
File size:	469 bytes
First seen:	2022-07-13 19:49:22 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	12:s8AdjLPT27L87HGrdvhIW+4FiF7vQnD5j+CrBirmWIM0Jn:W/T27LmGrdB+4MF7vmD4GBsb0Jn
Threatray	17'831 similar samples on MalwareBazaar
TLSH	T13BF0DC134DD15061835CC22EF49DC70744D2ED09BAD6E1D0E9E08807ED02009C9BDE11
Reporter	Anonymous
Tags:	FormBook ps1

Intelligence

File Origin

# of uploads :

1

# of downloads :

266

Origin country :

n/a

Vendor Threat Intelligence

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/62cf21ec3ec0b06899777ba0/reports/2e152368-488e-47c6-9582-3789e2293e4d/overview

Result

Verdict:

UNKNOWN

Result

Threat name:

FormBook

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1030558

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7eb04e3e53097f94075d3cc4520e7db6609049a858e4c14a78803d1b214abf47/

Threat name:

Script-PowerShell.Downloader.Malgent

Status:

Malicious

First seen:

2022-07-13 19:50:04 UTC

File Type:

Text (PowerShell)

AV detection:

8 of 26 (30.77%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p2ye4pstbf7zib25htcfedt5wzqjasnildsmcstyqa6rwikkx5dq._file

Verdict:

malicious

Label(s):

formbook

Similar samples:

024cb5cb433bfd8e1b5e55016311bd477800b58b662fbaea35af605669c61fa4

06b80b5b146259aedc1c2f1da5253e2ad1dadae5ba7577a8cc2ce93191f05fa1

200b12beed25783d323519d7b50cbe21ca6b27936885e0d834a04221d550f651

3b10fd5bae448476e22cca9c4b9b12263c089af68ebfeb7159ddaf2f4ec3e7bc

4af6ad9cb7c52362c67750fc09eb98b55e19d1e781ab91b2c8a62071c62eaf97

5065463a0daee4097021b36718a9a74eda255d717e2135c9715ac0781d60b7c2

a4f0b7a84a51c84c7d78a43964d2238e9c891f104ef69122c8f07dcdc3d7d8ef

bcc711216f936b8631255ef36c805bd978a55ce3516dce7693393fee91cc8022

ed02c3de60701f97271c578756211131d9d5e7bc141e77f97abfbe9d64ccc92b

ef5cc12819146a67c29bb28776868909815dcb9d41bac73afd68df8a8653028a

+ 17'821 additional samples on MalwareBazaar

Result

Malware family:

xloader

Score:

10/10

Tags:

family:xloader loader rat suricata

Link:

https://tria.ge/reports/220713-yj82zadbd9/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Checks computer location settings

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Xloader payload

Xloader

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Malware Config

Dropper Extraction:

http://198.23.212.192/inv/oil.exe

Malware family:

XLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/7eb04e3e5309/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7eb04e3e53097f94075d3cc4520e7db6609049a858e4c14a78803d1b214abf47

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample