MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a800be0555a840292d1534025461cb5c2a96d117a110efa8331a19475fb31c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a800be0555a840292d1534025461cb5c2a96d117a110efa8331a19475fb31c2
SHA3-384 hash: ee8ca1ed4324d2cc802cadf884215bdbaa4a1ff69039317804c66e7e90e574debaa7e15cc358fa612bd90bcb5c2df2e4
SHA1 hash: 3e5f63af2ab061ab4614597358e994abfd486586
MD5 hash: 794d28a50e7e7c976b91c8f2b2d20e8b
humanhash: leopard-nevada-mexico-wyoming
File name:SWIFT_IM.SCR
Download: download sample
Signature Formbook
Create hunting rule
File size:253'111 bytes
First seen:2022-02-02 11:36:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:owMPPPuBMNg4EdYkVvY7+xkYXyXukWuR6Z:uPu8EdxvQ+GQQN2
Threatray 13'140 similar samples on MalwareBazaar
TLSH T1CF34121536DDD8A7D0A325B57EB3CB64CEF7D3102712238F8B509FBA9925283A04748B
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter Anonymous
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SWIFT_IM.SCR
Verdict:
Malicious activity
Analysis date:
2022-02-02 11:36:19 UTC
Tags:
installer
Link:
https://app.any.run/tasks/380be987-b509-4fac-a41c-2b0f4b5e9e97

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/230002/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Unauthorized injection to a recently created process
Сreating synchronization primitives
Launching a process
Launching cmd.exe command interpreter
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61fa6ce1a0f6a794b333727e/reports/843e479e-233b-4e6b-a590-ddf5a06a7dde/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RaRansomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fe3bda38-c821-43c6-91ba-fc1fa2669999
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/932595
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a800be0555a840292d1534025461cb5c2a96d117a110efa8331a19475fb31c2/
Threat name:
Win32.Trojan.SpyNoon
Create hunting rule
Status:
Malicious
First seen:
2022-02-02 11:37:12 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
21 of 27 (77.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tkaaxycvlkcafewrknackrq4wxbks3irpiiq56udggqzi5p3ghba._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
01222693e4698149f19d31ac66567a9815f89509bac13d690de8a5afda2bee08
Formbook
0da36b7f7e4b44b640ab5769532fdd7599032ca2b1d6b57807ba48ad1fa76780
Formbook
28562d1e97597dbe302d550277e91bd4aa6869bd3d356668bc7c48b2b6eaa3d1
Formbook
2a4415721925c12ce8a80719697ffbda5daf88fe34804b0549bc5d5605790cdb
Formbook
58f65684890c1ec3e63d010defd5f3c48f963865d2fa1d468d5a5f44b7026164
Formbook
71bad0685e5b2447a8dcdc960ee2930ad5ec4910d5d449040fb52cb9754df2a2
Formbook
75362f20dab8d57db3ade6427e647b0bc01d8345ccfa9781d5778877f04f7fb5
Formbook
786698eab83f77c1fdc3d37daf49966befe788b0e85167083726354225176d1f
Formbook
9e6a92df11bb23b335d5bbf85731a1ea96f6c4038a24c2e4edb28e2169804c30
Formbook
a1bf6120b566e76d3df3b722c1a517fe69b74e670d70bde100c4cf04e3ee947e
Formbook
+ 13'130 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220202-nq6v3sabg3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Unpacked files
SH256 hash:
e7b8eebe1e9c9aab3d13e24032ff4f377dd5ac8864ecebf0b2f064736841a3d5
MD5 hash:
c9302e9a13b94675a2d71590a51aadbb
SHA1 hash:
941d43f10e3677eb25f20b613f6cdaaa81758c66
Link:
https://www.unpac.me/results/7669fc4a-d74c-4552-a709-770b9ef69428/
SH256 hash:
532ff3d9d578cc0245dcce13f4d28a163f6a41a9f6f582895149a045e379cfe7
MD5 hash:
f27ca7327c66b1b91eb61a9b9594d53a
SHA1 hash:
62a7a4a655ab3e9631ab264c1af3b517eea37844
Link:
https://www.unpac.me/results/7669fc4a-d74c-4552-a709-770b9ef69428/
SH256 hash:
9a800be0555a840292d1534025461cb5c2a96d117a110efa8331a19475fb31c2
MD5 hash:
794d28a50e7e7c976b91c8f2b2d20e8b
SHA1 hash:
3e5f63af2ab061ab4614597358e994abfd486586
Link:
https://www.unpac.me/results/7669fc4a-d74c-4552-a709-770b9ef69428/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9a800be0555a840292d1534025461cb5c2a96d117a110efa8331a19475fb31c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/230002/

Comments