MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9733c1d2fdc6b5cb196765e0a6592c5868ac21f98a191e5071d563dc5b96026b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: 9733c1d2fdc6b5cb196765e0a6592c5868ac21f98a191e5071d563dc5b96026b
SHA3-384 hash: b8b75191f4f2f66eb371a7d14af8ed463f13185f11a32ef16171135dfc9feb5de41cc3571a322580749557cbb9e3aeaf
SHA1 hash: 50cc971a9abfa69efe2c4aa85f07ca2aa1054c4c
MD5 hash: ada4c0ba82630c97a7195074127a4132
humanhash: west-kentucky-september-salami
File name: 291020.exe
Signature: Formbook
File size: 219'136 bytes
First seen: 2020-10-29 09:55:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'658 x Formbook, 12'249 x SnakeKeylogger)
ssdeep: 3072:JhLOyCqmpwmng28hXCN/wMwjS/i03u2zQl4PNcXKofMp1QcPTF:uyCzI2dUEn
Threatray: 14 similar samples on MalwareBazaar
TLSH: 462418C2B50405D5FA2C5B3160334D6412B76EBE7AB1606E746DFB7336B32C3052E9AA
Reporter: JAMESWT_WT
Tags: FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
DNS request
Creating a file
Sending a UDP request
Sending a TCP request to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 76 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Threat name: ByteCode-MSIL.Spyware.Stelega
Status: Malicious
First seen: 2020-10-29 09:02:12 UTC
File Type: PE (.Net Exe)
Extracted files: 2
AV detection: 25 of 29 (86.21%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
