MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f8a29ff865bd05d0b2b0c917a302529882b234434238cd3477d53343915e59d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	7f8a29ff865bd05d0b2b0c917a302529882b234434238cd3477d53343915e59d
SHA3-384 hash:	4b11e41b99aef8015aaa1a14963087a875164bb67edfb1e86f15db50851ebacc48a0a6dbddd615304f8f448b4e6658fc
SHA1 hash:	685dc18471494cb4ed2725cd6680ea431e1e2083
MD5 hash:	c57ca398b2071c6d729c4915f938ae9d
humanhash:	kitten-xray-mirror-arkansas
File name:	alıntı.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	277'227 bytes
First seen:	2022-02-08 16:05:30 UTC
Last seen:	2022-02-08 16:24:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep	6144:owBLYL1WGLs9tLU2uSglRnRCBIp7TuewcshPBcENMvq0IhY2f:9SWwsLgrRnRBpXJ25c0M/e9f
TLSH	T1044412D5B0C89897E06A0CB11637561CD2FDB3066B164BEF6FB40F9E21212C16F6B5CA
File icon (PE):
dhash icon	b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter	GovCERT_CH
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

# of downloads :

170

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/238325/

Detection(s):

SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/62029522c79b424d7208b7bf/reports/f428d3a9-cf1c-4b06-9e57-9d1ef699a8af/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Formbook

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/1789c294-8bda-46db-95dc-adba9b30542c

Result

Threat name:

FormBook

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/936299

Behaviour

Behavior Graph:

n/a

Detection:

formbook

Link:

https://mwdb.cert.pl/sample/7f8a29ff865bd05d0b2b0c917a302529882b234434238cd3477d53343915e59d/

Threat name:

Win32.Trojan.FormBook

Status:

Malicious

First seen:

2022-02-08 16:06:13 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 28 (82.14%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p6fct74glpif2czlbsixumbffgecwi2egqryzu2hpvjtioiv4woq._file

Verdict:

malicious

Label(s):

formbook

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/220208-tj4d9sabfk/

Behaviour

Checks processor information in registry

Modifies data under HKEY_USERS

Enumerates physical storage devices

Drops file in Windows directory

Unpacked files

SH256 hash:

0466e3a40ccdf42cbb1de109aa3e0aee3f2cc910be1da3198d9cddd1b5783358

MD5 hash:

2205b8448fef03808d29327e94a4c5f5

SHA1 hash:

d9f6b0a71e0312da2033a613546f68b183b5d196

Detections:

win_formbook_g0

win_formbook_auto

Link:

https://www.unpac.me/results/5483d2ee-08b5-4694-95f1-24f86a60373a/

Parent samples :

7f8a29ff865bd05d0b2b0c917a302529882b234434238cd3477d53343915e59d
87cca4e4ba65094241bbb379ca3677932f6e399ece811334a07a72ff5b3073f8
9038f8cd3e315d9383dfb4df16b0256e1b22ea91f351ee202a0de5848af58f5e
4b11b45c019f5c15f5568d5c1258cb1cb077aaf59bdff581e5efc280047f62ab
89b5fe507c2a2bd672201bc794535270d0d3a6b8743769dfbb2c864a4013c6e1
8835f1b054292518021c1af86499d45e5e7f232038155822d291d476a8447c7e
8230050be18082cbd46028e18bd49362c630c8c63dfc8b6875b605f250fadda3
e5b099ed2396bc0fe1cd0f366a8c886f19d7341bf8bdc8ee190da79218b818b0
709f1b3849f681e9d1ba6d9af4bcc9442930ca73ca314ac0a7866cb9ae4851eb
5c70d3f5ea7e1b14f9d0018c7b3d140d4cb28b703556e61b8d44e19ffa254aec
701f59778fe938ff06ceff39c9c957a7479e1db559d2996adefe8e09edd46d71
8f56d5aba891600d6c163c0c1f8a8657c13a998bb82d0f5bb101c8afa6e0d977
ba4ae6165adc31b6fb55ea31e7d9360198efb4937258472728f5e89d4219b803
46cd865e4436d5c43c1d5ff76d6dc1c7468760df1b7d4f84060b7d429e0ab74d
472fce69055da6dee0ab8f9bfc0fd3979a766aec390cd6bd5bb01483e27cdce5
2c096e676a791721c8988f951f06c87c4306f34befe39b04991286143b755c9e
eb77b393777ae1d97050ecc4e86bb7e3428016471b112a7ca0f2c3376427b3f5
e6373eddd3eea61d770a921ee1f63f43145fafef60b2303bb8d2633a895f6b86
f7eca54a50a6a758f8a52f950636e4554a5a1b5a070d9f51351febabc536f381
504f9cfb57d744991ced959382ce16c496f8905c8181c70a1e1a28b06d3078e1
631ac6c362a98070ff6afbfb5d35b9e87d02d67d4303e6311a37ac22b6806fb1
8a0974b9853f5dc8c7d7fae0027b6e8e154c5822ceb0595adc00e8f2572198f1
a7a4e7d899c691004be7af69a5d3006c82d268a78259c8c1b7348bcb20a9da9f
947c4ecb835107a21a1832ced84082343a9ea6448cc391910f7d5e680e113c1d
178290b5c5120a28e46d4990489739f35a287ac7e716cfae4ccec002d0c6177b

SH256 hash:

bcbb659f736066c6f238e9aceca831cd80e48fd2d7484495f855dbfa5324bb4e

MD5 hash:

73875355c3fb192fd3678f41d1ce0647

SHA1 hash:

3d63cf2e4c666169daaef5dddd655afda4d164e6

Link:

https://www.unpac.me/results/5483d2ee-08b5-4694-95f1-24f86a60373a/

SH256 hash:

7f8a29ff865bd05d0b2b0c917a302529882b234434238cd3477d53343915e59d

MD5 hash:

c57ca398b2071c6d729c4915f938ae9d

SHA1 hash:

685dc18471494cb4ed2725cd6680ea431e1e2083

Link:

https://www.unpac.me/results/5483d2ee-08b5-4694-95f1-24f86a60373a/

Malware family:

FormBook

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/7f8a29ff865b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

exe 7f8a29ff865bd05d0b2b0c917a302529882b234434238cd3477d53343915e59d

(this sample)

Dropped by

formbook

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/238325/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample