MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 923cee65b6864e983a89554726ee733823b721f6e98d59c27491e3c76ea4efff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 923cee65b6864e983a89554726ee733823b721f6e98d59c27491e3c76ea4efff
SHA3-384 hash: f8355c115cb85f813a7260bdd816f7d8b8ab4ee42581e2ef9a5d40a725e5b59595f836d160c20158f63eb22343038277
SHA1 hash: 1a77ea0ef1e55dbdba87c9d6db49efd18f79741e
MD5 hash: 281d0fb65aaf7ac9588f359d53928d0a
humanhash: seventeen-carpet-romeo-bulldog
File name:jsc_PI.zip
Download: download sample
Signature Formbook
Create hunting rule
File size:541'542 bytes
First seen:2021-06-30 11:08:54 UTC
Last seen:2021-06-30 13:49:51 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:aj8uFbVSy9WH1126v3JURYGtgLqzZnzTlDZjjqC47:cHbVSy9YK6v36RYGtV9zHjjm
TLSH 82B423B1B81BDF43CFBFCB2063E577A850195FAC9B51709429D72114AA523AFBA04CD8
Reporter DFNCERT
Tags:FormBook xloader zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.899.10301.28406.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/923cee65b6864e983a89554726ee733823b721f6e98d59c27491e3c76ea4efff
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/923cee65b6864e983a89554726ee733823b721f6e98d59c27491e3c76ea4efff/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-30 09:03:54 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
7 of 46 (15.22%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=si6o4znwqzhjqoujkvdsn3tthar3oipw5ggvtqtushr4o3ve577q._file
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader loader rat
Link:
https://tria.ge/reports/210630-lnfyy11eq2/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Xloader Payload
Xloader
Malware Config
C2 Extraction:
http://www.kalptarucentrino.com/owws/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.95
Link:
https://yomi.yoroi.company/submissions/923cee65b6864e983a89554726ee733823b721f6e98d59c27491e3c76ea4efff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 923cee65b6864e983a89554726ee733823b721f6e98d59c27491e3c76ea4efff

(this sample)

Formbook

Executable exe 1bcb33eed3dc2a21fba05a84a06d63d2313c4b69e0eb6db6e781ffa7a7732b03

  
Dropping
MD5 ea9dac7924879bf7102464b3095e81bc
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1bcb33eed3dc2a21fba05a84a06d63d2313c4b69e0eb6db6e781ffa7a7732b03

Comments