MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8224d188f60fa7c7b60249b82cd7d94336542a8a21a57c9adcb00530e068f818. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8224d188f60fa7c7b60249b82cd7d94336542a8a21a57c9adcb00530e068f818
SHA3-384 hash: 2993775813f7e40b8ac3f6f17e3821acbffb335eb33d653cdf88eed30ebd514655d6a8ba25d12f047dee0be919e4f2a0
SHA1 hash: 4f44c0ee33a801064ceb39313a9d9c4a0f61a7b4
MD5 hash: ddb35ca208228d0a5772b9df332ce7bd
humanhash: iowa-ceiling-nuts-delaware
File name:ypvgscvb.40g.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:321'024 bytes
First seen:2020-05-10 07:43:16 UTC
Last seen:2020-05-10 08:45:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:L+q01DtxaKV2jU8eeV5UYKPsFXz9yclF3Rz32pUcLosnjBgz6j1oOM:qD1B8aRyYPsFD8cFXcldEyoO
Threatray 26 similar samples on MalwareBazaar
TLSH 5C64F132AF565571CE5E4AF6513A1924833CC3CA8702E3958DC6B9571E9332C82E2F7E
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: trinity-global.pw
Sending IP: 173.82.255.125
From: Badrinath Naikwadi <director@trinity-global.pw>
Reply-To: franccmcleather@gmail.com
Subject: Bank slip copy
Attachment: ypvgscvb.40g.gz (contains "ypvgscvb.40g.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.866529.5196.2973.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-10 01:13:23 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qisndchwb6t4pnqcjg4czv6zim3fikukegsxzgw4wactbydi7ama._file
Verdict:
unknown
Similar samples:
0edd45b70fa551b13b37faf2146011fbdb3299e69f20bedb7e48c1710d3a0159
FormBook
442452b82edb2b18431c296669c78df1c88b210775e9a9b5d7726a1092a8fc6f
FormBook
6575a80b5fa70f2b72b0c5270e4bf316efbdda166b73267a783ebe8a56f3cd1e
FormBook
6ff25388a91cbed0a11467e592e39e34c54de49d61876a2a201554e67c5b8cb4
FormBook
cbb6d89187847aab1fcff6b5d832ea80bca30bfe5520702133cab83335392ead
FormBook
d73498e0aabb97375783af491aded66aa6710ba848247de3337f404fa02a35c0
FormBook
e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a
FormBook
ec639f932f7e3c075d735973cd493fe7a895bf660b4aff4fc4c97af08baf64b8
FormBook
fdafb44be84ea918c76a99f4c24c08fbe8de6648a4ad73614f77450aa2b43484
FormBook
ff5a506b69008ad7cc902dd5ca6b0fe6c2235e532b9b2421bf4b86dd2b13462b
FormBook
+ 16 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-5lvnzhl8ms/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

gz 7305735632ac8855b9718500944ccf58e84d2d7cbe15a4c374c4ed1391831266

FormBook

Executable exe 8224d188f60fa7c7b60249b82cd7d94336542a8a21a57c9adcb00530e068f818

(this sample)

  
Dropped by
MD5 e0975781ec13c6a5ae015cafccb6a46d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7305735632ac8855b9718500944ccf58e84d2d7cbe15a4c374c4ed1391831266

Comments