MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264
SHA3-384 hash:	541ee88fa90ae92009a84d6a7baa95f41ffa6484ebaaccec6a75bf29150829105890c87b3141ba902a27b7d887eda861
SHA1 hash:	9a37837ad47f97bdb206eb4ed36d3585aefe2e60
MD5 hash:	ef6b807f0c76cc029f8d845121eb34cd
humanhash:	west-coffee-skylark-equal
File name:	ef6b807f0c76cc029f8d845121eb34cd.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	358'912 bytes
First seen:	2020-06-02 07:10:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f22635dbd118c4c2567a245ddd95bb69 (9 x FormBook)
ssdeep	6144:0hFGVLv3OIJcGPLqxptFAtVGPqaYwfHbGw:0hEOIyGLqxtUTwPS
Threatray	5'317 similar samples on MalwareBazaar
TLSH	0674CF00B982853CF0A9C27D5D559A15137A3E1155B17BC7B7C82A8E99332E73B333AB
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

73

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Noon

Status:

Malicious

First seen:

2020-06-01 19:30:00 UTC

File Type:

PE (Exe)

Extracted files:

7

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tmwg6cgntjhdwfceelpe2vacsbkczzichhzmqvuxua3kiynskjsa._file

Verdict:

malicious

Label(s):

emotet

trickbot

Similar samples:

3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b

474cad642b1cf88f8d7f922cbfd9b8a00d7fc0eb40cafc0877007ee2884f105f

590fde182a154cd89b15d88546d60351b9fecb51e04fbbf4affd8d49a618bd23

5ea463243b051351c219469515fb9b39d01c5c3c4f4698bd6164e36070622d35

6f827b68129d30609057c2e6b36be05649fce91d6bc8ee3d3566ca5c6aba562b

b042e4bdfe19df2aa474fd5e2294aecc9a07d447c96466db7a7e20316d885634

b30a215a2d9c492ec94f6da67af440908c8a8c2239a37bbc1204538341823d88

b57c9384280389b262d09cb4fa5b5465aadd4aaba2afb6d48c5d6e7c3f8d923e

d3664113994262962936ebe74d0355986970def0cd0bcdcf088fe102047df9ba

e13acda03eb4829793beb5c0664d5752663b7ef5ae72b63724e7eaf189a9fec4

+ 5'307 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-ezqp51zzls/

Behaviour

Suspicious behavior: EnumeratesProcesses

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 9b2c6f08cd9a4e3b144422de4d540290542ce50239f2c85697a036a461b25264

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/373533/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample