MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8604efbf9ca295f28b5850c7c97568363c838bf8a4ed88bc6db6b12b5f24a166. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	8604efbf9ca295f28b5850c7c97568363c838bf8a4ed88bc6db6b12b5f24a166
SHA3-384 hash:	d2fee3a7c17cbb45a4c19663d182e5cbfb36ee8e65b23641e3f0c0f3d4e1f5084a9befa2511fb4f07d7b9adfe8ae58fa
SHA1 hash:	6fc0a382dc07e4c5bd4d65a52bc88aabc1e4aa10
MD5 hash:	cdc2b393adcf7921fccfbfe39b19ce05
humanhash:	minnesota-oranges-pluto-yellow
File name:	cdc2b393adcf7921fccfbfe39b19ce05.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	552'440 bytes
First seen:	2021-02-18 16:00:55 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:mi/xxc4ydv+EdjS6fAAkyU2jTB2yjFwr4C4gfTT7Okyp+6Jp6j0kvMPR7LpnVTNA:EpA39gIVabFyX8qoolhGdSZMSVCgB
TLSH	F0C42440BB7087A98551F37FD6EBA31A13A2F4F78A20979367491FB1D8D10D2784E6C8
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

147

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/117836/

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Generic.ht.4418.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

n/a

Score:

21 / 100

Link:

https://www.joesandbox.com/analysis/611821

Signature

Machine Learning detection for sample

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8604efbf9ca295f28b5850c7c97568363c838bf8a4ed88bc6db6b12b5f24a166/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qyco7p44ukk7fc2ykdd4s5ligy6ihc7yutwyrpdnw2yswxzeufta._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210218-pn92n61a2a/

Unpacked files

SH256 hash:

8604efbf9ca295f28b5850c7c97568363c838bf8a4ed88bc6db6b12b5f24a166

MD5 hash:

cdc2b393adcf7921fccfbfe39b19ce05

SHA1 hash:

6fc0a382dc07e4c5bd4d65a52bc88aabc1e4aa10

Link:

https://www.unpac.me/results/f5e6da2a-0bd7-4533-9618-7a6d22096fd0/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8604efbf9ca295f28b5850c7c97568363c838bf8a4ed88bc6db6b12b5f24a166

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/987609/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/117836/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample