MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b9bbca00335521a8fa45d5abf271ccf0eac27d70e44140355f7af671c3dbe7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b9bbca00335521a8fa45d5abf271ccf0eac27d70e44140355f7af671c3dbe7e
SHA3-384 hash: 85eafbdebff79add185aa34062a4899996109897a171af0f4fa2bd03b7f602b93ea895165dd5537703fe264823f42292
SHA1 hash: f2f2fe25971249ab85779984b695976128768b9f
MD5 hash: ff8930c79f5bcaee14b244f6551766b9
humanhash: king-island-avocado-minnesota
File name:MASK_INQUIRY.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:367'104 bytes
First seen:2020-04-30 09:39:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 6144:Vx19xfRz9RzGhN7NLcaI3d4qRo1q0cX2Jje3gsn/2Js3kbC3NDiRzXgbhrUU5OPs:Vx1fFTGjRLca8d1G1q0Dgwsn/as3kW9F
Threatray 5'140 similar samples on MalwareBazaar
TLSH 8574E11232C5890BCA9908F44423A34487B59FEA6857F7CE6DC735EE1AF23D9664D383
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: 111.90.140.145
Sending IP: 111.90.140.145
From: Eva T Audrey <eva.audrey@qualitech-solutions.cam>
Subject: RE: ORDER INQUIRY
Attachment: MASK_INQUIRY.rar (contains "MASK_INQUIRY.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 09:48:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ron3ziadgvjbvd5elvnl6jy4z4hkyj6xbzcbia2v66xwohb5xz7a._file
Verdict:
malicious
Similar samples:
023ca25a18e7b6fe4c2346878ff4e688c011ef10900611f59689c4881f76579c
FormBook
0f9158444d5e5387bfc619b035fbc31625cc933643f3eea063eca29cc33455ef
FormBook
161ab2a24a2f0a71e1a50d1110b3ca25ec1a53c1412c2235db94a871bc3c9563
FormBook
20b27c73d6c337c95759c21e02e1e795fb7f07413e46f053e6e728c5de342dd9
FormBook
2909ff5bce8e72f2007455c778afbe46192919731b197e654e6e03f47cbe421f
FormBook
538b5708c76c86e74b0bf54772daa9bda7c7bab48b5261541a3bf128714d8e68
FormBook
65a02f6b451bb5ccf5d443b7976da84cb80812e24a909d1038423bfe5ac5e2b8
FormBook
96ffe97ffd555e8f1329ba24b40cba5320d5bc1ef51fb0155b9dea55bf842487
FormBook
986db22a45f9c417139adb5a9fe1708dedc8b029a428e9db880b2cb7408c5d2d
FormBook
e2e86de59b03cd68c6795d391938d75dac7fa0fe0d5bf497a075402686eba01d
FormBook
+ 5'130 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 5e08e4d02a26bd562975df906c2215d7f239a127267bb677bbaa52fc19abaf89

FormBook

Executable exe 8b9bbca00335521a8fa45d5abf271ccf0eac27d70e44140355f7af671c3dbe7e

(this sample)

  
Dropped by
MD5 440fe98833dfd2ef57003aec5fe06c7c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5e08e4d02a26bd562975df906c2215d7f239a127267bb677bbaa52fc19abaf89

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments