MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 835a07892da8239d71f31f59c444f229ef01a5abffc4ff29b8a21820a43c18b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook
Vendor detections: 6

SHA256 hash: 835a07892da8239d71f31f59c444f229ef01a5abffc4ff29b8a21820a43c18b3
SHA3-384 hash: c539ee8feac9e3ff8c1ff08be6a2eb6c1cf969c7347f199c96023126d2f66b70db6838f82adfd0fb0d083d7903975276
SHA1 hash: a68b88e8b8db9739b4604e8fab05491992067e99
MD5 hash: 52da15cdcb070ffc0e51dbdf2e41e084
humanhash: juliet-november-august-bakerloo
File name: 52da15cdcb070ffc0e51dbdf2e41e084
Signature: FormBook
File size: 539'136 bytes
First seen: 2020-11-17 11:54:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (also seen on 48'742 AgentTesla, 19'606 Formbook and 12'242 SnakeKeylogger samples; this is the imphash of a plain .NET executable whose only import is mscoree.dll!_CorExeMain, so it identifies the MSIL loader stub rather than the malware family and is a weak pivot on its own)
ssdeep: 12288:ADYt8LFw4Nb50MAcn4ZnfNkXpO44niTHzQneL4:Ac87behnfN8pOdq+E
TLSH: 16B4F1B252B26E9DE35E0EF3A0E226081EB77D1B5A3CD50D7AB830D93173B4846507B5
Reporter: seifreed
Tags: FormBook

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour: Creating a window
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-11 05:40:11 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook rat spyware stealer trojan
Behaviour:
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook Payload
Formbook
Malware Config
C2 Extraction: http://www.leeaross.com/k8b/
Unpacked files

File 1 (same hashes as the uploaded sample)
SHA256 hash: 835a07892da8239d71f31f59c444f229ef01a5abffc4ff29b8a21820a43c18b3
MD5 hash: 52da15cdcb070ffc0e51dbdf2e41e084
SHA1 hash: a68b88e8b8db9739b4604e8fab05491992067e99

File 2
SHA256 hash: cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e
MD5 hash: 8cd5d2014866f4ef60802ff1826998a6
SHA1 hash: 8ff75946905d0b117080cc5a07e6e0bbea4e9bbd

File 3
SHA256 hash: 28fd96527e21a11965c924e97b2bba674bcea888d92928011970d5a6cccfe638
MD5 hash: 5f03f0a6bfb8d6e981789a6457401bce
SHA1 hash: e4f033488331fdabfdd7cda394d7072c9effdce8

File 4
SHA256 hash: 54121628dcacfe91d7d106a9e116178493f881862046374570813d806f6c0200
MD5 hash: e21ae100a69672a4079f73a81b467e49
SHA1 hash: 41ebaa4c5b0df6d44451ea3b15d97ed355c621f0

Detections: win_formbook_g0 win_formbook_auto

Please note that MalwareBazaar can no longer provide a VirusTotal coverage score.
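The hashes, the imphash and the extracted C2 URL above are the indicators a defender would actually sweep for. The Python script below is an added example, not code from MalwareBazaar or the reporter: it indexes the entry's file hashes and C2 URL, triages a file by the indicators it matches (treating the shared .NET imphash as low confidence only), and scans proxy log lines for requests to the C2, comparing the host exactly so a look-alike domain or the same /k8b/ path on another host does not match. The proxy log format, the log lines and the file contents it hashes are constructed for the example.

```python
"""IOC sweep built from the MalwareBazaar entry above.

Added example, not MalwareBazaar's or the reporter's code. The file hashes, the
imphash and the C2 URL are copied from the entry; the proxy log format, the log
lines and the file contents below are constructed so the script runs offline.
"""
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# (label, sha256, md5, sha1) for the uploaded sample and its unpacked stages.
KNOWN_FILES = [
    ("uploaded sample",
     "835a07892da8239d71f31f59c444f229ef01a5abffc4ff29b8a21820a43c18b3",
     "52da15cdcb070ffc0e51dbdf2e41e084", "a68b88e8b8db9739b4604e8fab05491992067e99"),
    ("unpacked file 2",
     "cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e",
     "8cd5d2014866f4ef60802ff1826998a6", "8ff75946905d0b117080cc5a07e6e0bbea4e9bbd"),
    ("unpacked file 3",
     "28fd96527e21a11965c924e97b2bba674bcea888d92928011970d5a6cccfe638",
     "5f03f0a6bfb8d6e981789a6457401bce", "e4f033488331fdabfdd7cda394d7072c9effdce8"),
    ("unpacked file 4",
     "54121628dcacfe91d7d106a9e116178493f881862046374570813d806f6c0200",
     "e21ae100a69672a4079f73a81b467e49", "41ebaa4c5b0df6d44451ea3b15d97ed355c621f0"),
]
# Flatten to algo -> {digest: label} for constant-time lookups.
HASH_INDEX = {"sha256": {}, "md5": {}, "sha1": {}}
for _label, _sha256, _md5, _sha1 in KNOWN_FILES:
    HASH_INDEX["sha256"][_sha256] = _label
    HASH_INDEX["md5"][_md5] = _label
    HASH_INDEX["sha1"][_sha1] = _label

# Imphash of a plain .NET executable (mscoree.dll!_CorExeMain is the only import).
# The entry shows it on ~80k samples across three families, so alone it proves nothing.
GENERIC_DOTNET_IMPHASH = "f34d5f2d4577ed6d9ceec516c1f5a744"

C2_URL = "http://www.leeaross.com/k8b/"
_c2 = urlsplit(C2_URL)
C2_HOST, C2_PATH = _c2.hostname.lower(), _c2.path


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the entry lists for a file's contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("sha256", "md5", "sha1")}


def triage_file(digests: dict, imphash: Optional[str] = None) -> dict:
    """Rank a file by the indicators it matches.

    digests: subset of {"sha256", "md5", "sha1"} -> hex digest (any case), e.g. from an
    EDR hash list or hash_bytes(). A cryptographic hash hit is high confidence; the
    generic .NET imphash on its own is low confidence and only merits a closer look.
    """
    for algo, digest in digests.items():
        label = HASH_INDEX.get(algo, {}).get(digest.lower())
        if label:
            return {"confidence": "high", "reason": f"{algo} matches {label}"}
    if imphash and imphash.lower() == GENERIC_DOTNET_IMPHASH:
        return {"confidence": "low", "reason": "generic .NET imphash; not family-specific"}
    return {"confidence": "none", "reason": "no indicator matched"}


def scan_proxy_log(text: str) -> list:
    """Flag requests to the extracted C2.

    Expects lines of "timestamp src_ip method url status" (a constructed format). The
    host is compared exactly, never by substring, so notleeaross.com does not match;
    a hit on the exact /k8b/ path is reported separately from other traffic to the host.
    """
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _method, url, _status = line.split()
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        if host != C2_HOST:
            continue
        kind = "c2-url" if u.path.startswith(C2_PATH) else "c2-host"
        hits.append({"ts": ts, "src": src, "kind": kind, "url": url})
    return hits


# Constructed proxy log: two C2 beacons and one other request from 10.0.0.5, plus two
# near-miss lines (same path on another host; look-alike domain) that must not match.
SAMPLE_LOG = """\
2020-11-17T12:01:03Z 10.0.0.5 GET http://www.leeaross.com/k8b/?id=abc 200
2020-11-17T12:01:09Z 10.0.0.5 POST http://www.leeaross.com/k8b/ 200
2020-11-17T12:02:00Z 10.0.0.7 GET http://www.example.org/k8b/ 404
2020-11-17T12:02:30Z 10.0.0.9 GET http://notleeaross.com/k8b/ 200
2020-11-17T12:03:00Z 10.0.0.5 GET http://www.leeaross.com/other/ 200
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(triage_file({"md5": "E21AE100A69672A4079F73A81B467E49"}))
    print(triage_file(hash_bytes(b"constructed benign file"), GENERIC_DOTNET_IMPHASH))
```

Running it reports the three requests from 10.0.0.5 (two to the exact C2 path, one to the same host), a high-confidence hit for the MD5 of unpacked file 4, and a low-confidence result for a file that only shares the .NET imphash. To run it against real data, feed `hash_bytes()` the contents of files on disk and `scan_proxy_log()` your proxy export after adapting the line parser to its column layout.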

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other

Comments