MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93d8f58337eb1309d7fadafe6707dde3a7d20d65870d05a689b3c2f264e61193. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 15

SHA256 hash: 93d8f58337eb1309d7fadafe6707dde3a7d20d65870d05a689b3c2f264e61193
SHA3-384 hash: 045d14192a0e605decb853d9b747c07dd261c4c07e33a101634f9450cfcb25acec855b41665649cbd2091768c875b37b
SHA1 hash: a9cbc2c92acc50f5d7535d8646dd8a2cf939cbd6
MD5 hash: 16dd1c1e6afc87d0f7e7cee89876b77f
humanhash: xray-grey-don-artist
File name: SecuriteInfo.com.Trojan.Inject6.17597.17574.4705
Signature: Formbook
File size: 691'200 bytes
First seen: 2025-11-27 13:03:57 UTC
Last seen: 2025-11-27 13:35:33 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'665 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 12288:bLUR7YlGxovyt17G4k7jMHNQtjaAVgBJyrXcN5ZStM8lLzPe4vkMkhigXSCkip:k1YluHvkUQtjaAuBzdhKvGcGb/vp
TLSH: T106E412942B69CB33E87A2BF62975D23143B62D5EB072C7468EDAECDB3121B144D10793
TrID: 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
      6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
      2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: SecuriteInfoCom
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 2
# of downloads: 94
Origin country: FR
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan.Inject6.17597.17574.4705
Verdict: No threats detected
Analysis date: 2025-11-27 13:07:05 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 70%
Tags: malware
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating synchronization primitives
Connection attempt
Sending a custom TCP request
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: packed vbnet
Verdict: Malicious
File Type: exe x32
First seen: 2025-11-27T08:57:00Z UTC
Last seen: 2025-11-27T09:38:00Z UTC
Hits: ~100
Verdict: inconclusive
YARA: 5 match(es)
Tags: .Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.43 Win 32 Exe x86
Result
Malware family: formbook
Score: 10/10
Tags: family:formbook discovery rat spyware stealer trojan

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Formbook payload
Formbook
Formbook family

Unpacked files
SHA256 hash: 93d8f58337eb1309d7fadafe6707dde3a7d20d65870d05a689b3c2f264e61193
MD5 hash: 16dd1c1e6afc87d0f7e7cee89876b77f
SHA1 hash: a9cbc2c92acc50f5d7535d8646dd8a2cf939cbd6

SHA256 hash: 4ea9f5777f2711fab978f79b5c1d21bb1ae21a06091c7c43d9fef887aa208bad
MD5 hash: 04baa15171fd2e4987725183167e7102
SHA1 hash: bf87db082e4a07abaf35863b76c4ec4c2e5dedb2

SHA256 hash: 54535ee058ed80583d623c0b6c6c6b25aec126822bab03c680d991fd9f2f21b9
MD5 hash: c04e22e33b6520637a665126ee81549b
SHA1 hash: 2f06f6cc2cf960e4ec6602a84e7b588330f468ce
Detections: SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24, SUSP_OBF_NET_Reactor_Indicators_Jan24

SHA256 hash: 06cfb506c3676ec124f7bfb3eea482495eb29f48dd2a1546d95b716c95b06305
MD5 hash: bcbd9785d612b5b425a2ceaf56145465
SHA1 hash: db15e8731a90d56f72d6fe09a16c1f319f9477ac
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: NET
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments