MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 9



SHA256 hash: 9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09
SHA3-384 hash: 6f4fe14949ed28a6703461ed1df54be73651063ac0a33da39b2158948389e02c53b36a65172a3242e8c40f74fb117b2e
SHA1 hash: b31a7b97f75c7f296bef9eb6d5c2a585bf1d802d
MD5 hash: 38277d6e24f7210e5b8d77a337ae51d1
humanhash: zebra-mars-alaska-seven
File name: SecuriteInfo.com.Variant.Bulz.229258.13751.2423
Signature: Formbook
File size: 1'132'032 bytes
First seen: 2020-11-25 16:48:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 12288:Pwjzj6IequI2YwhOTaGZ3gU9Xn59yOVaBdyDiBs/5H4u4nzKNVAZcd7KXkwQKxlJ:Yjn5eHjD8JZwi3PAdqfV16ONigKBmUV
Threatray: 3'046 similar samples on MalwareBazaar
TLSH: EA355B9C325071EEC46BD57ACAA81C68EBA1346B831B8207B02F15AD9F5C987DF145F3
Reporter: SecuriteInfoCom
Tags: FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process
Launching cmd.exe command interpreter
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-11-25 16:46:59 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: formbook
Score: 10/10
Tags: family:formbook rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook Payload
Formbook
Malware Config
C2 Extraction: http://www.mommabearmoney.com/et2d/
Unpacked files
SHA256 hash: 9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09
MD5 hash: 38277d6e24f7210e5b8d77a337ae51d1
SHA1 hash: b31a7b97f75c7f296bef9eb6d5c2a585bf1d802d

SHA256 hash: c8671a87d685f2354d96f3cfcad530dfa5f3ec535a0f5ec14940d81fb857813b
MD5 hash: b5358f677850210361f573c7d249c258
SHA1 hash: 215e06e319515d779efa88f7c05b343d6ec3f6a5

SHA256 hash: c6fcf5d515d56cf746b4c4aa4695f11e9ad7f6063a96cda810bf39dc47c5a7a0
MD5 hash: 47509d9db24c975e55c287afdc459fad
SHA1 hash: 4f1f893555c985d7cbba731cf1fdbf49c6ecf793

SHA256 hash: b65b35707b7766f787314cf18db9f2369b07b84cc9ab27bc482ab2bb0e3206cb
MD5 hash: ff7a6e08a10ba5bc65e426e85f058960
SHA1 hash: 8529cd945c71519e2ab675be471944960ad4a7aa

SHA256 hash: b3a4b94745b70166b9d3bd03616ac17a77ee0c53d50d56ad24f7a9d1020421ac
MD5 hash: a898aeeb8482feead25ad331cd942c67
SHA1 hash: c0ff55e97d0e50b89e470052c3f5a7764d7223ac

SHA256 hash: bccb1c4f5b12cb5c0e1f397ef41e572a13275868f9cc7cfa6af2896b5cea463c
MD5 hash: 277002441cc5df403b98414531ed283f
SHA1 hash: f881f9a9b456ae0ed845429f38f7d64d97ae0605

Detections: win_formbook_g0 win_formbook_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe 9728048925e7faf422c4d7bacfaa90fae8bdcc9efad8a0868b456f3d4b213d09 (this sample)
Delivery method: Distributed via web download

Comments