MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82033c587c540fbcaec2ffdc139b837868711343f8a4e9ae61c306426028ace7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82033c587c540fbcaec2ffdc139b837868711343f8a4e9ae61c306426028ace7
SHA3-384 hash: 1b41efcd49f358c376ab222ef349e246b5b57044cadb05e24bd3b880b41e46d02b95c2b5eb8488c34b242f0f921a9492
SHA1 hash: 2bdd8b338cba2fc1fd4ab4cea0be92020b91d85c
MD5 hash: 1b4ec59e7a7f9c548454dd5590eb3ff1
humanhash: low-eighteen-gee-uncle
File name:Packing List.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:367'104 bytes
First seen:2020-04-30 09:21:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 6144:KknTRz7Rz8wQekWjLQrHsXC+AOVeeRbLh62yVnCMu2ou9DXLPs+jID9LnTxv1Rzr:KWZRmehcH+vw0bLhn6nCMuGXPOD9LnTh
Threatray 5'117 similar samples on MalwareBazaar
TLSH 6D74E01776C88847C99E08F54433724847B5BF4AA91BE7CE2C9576FE66F27D1230A243
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: ankainflatable.com
Sending IP: 5.79.121.92
From: sale5@ankainflatable.com
Subject: RE: INVOICE AND PACKING LIST
Attachment: Packing List.pdf.z (contains "Packing List.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 04:55:38 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qibtywd4kqh3zlwc77obhg4dpbuhce2d7csotltbymdeeybivttq._file
Verdict:
malicious
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
FormBook
753c4a5c9bceed532539009df6ac3e0aa3c131297a082a2ee8ce6e94b05ced35
FormBook
8b9bbca00335521a8fa45d5abf271ccf0eac27d70e44140355f7af671c3dbe7e
FormBook
8cac0e47c8769e535bb8d4c6fc749aec4be79589a303cc89144cf07b2ba91b91
FormBook
9f4f34d29b570678e75a8d37f943eca1e305f49e16e9ef39e0dd6a98746b164f
FormBook
a32eb45d58adc9019886bb3103c8b90b7fc9d8de514bfd3834dc6c626b14a6d1
FormBook
b24a5df4c63722afbed1e3807b18fcc065008ec3431de146dbf3657dffa00893
FormBook
c0e1210ec3e11a5d71cdbf2edfb199539f891a1bdb27ccd97eaf0fb70891c615
FormBook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
FormBook
f99691f533ca56e970f2be2d26ea424ac50bff2aa2bfd43482d0a166bece71eb
FormBook
+ 5'107 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z 31888fc1de21824407a24ac5b5c6db1738604d2d02e0d8aa15afcfe8fac7e2a4

FormBook

Executable exe 82033c587c540fbcaec2ffdc139b837868711343f8a4e9ae61c306426028ace7

(this sample)

  
Dropped by
MD5 9c4290d66313c02649579f548b71a5b8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 31888fc1de21824407a24ac5b5c6db1738604d2d02e0d8aa15afcfe8fac7e2a4

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments