MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b5f7add214fdc53df8db97afea57e286e93983ffbcdd467d0f67fde380e3482. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 6

SHA256 hash: 9b5f7add214fdc53df8db97afea57e286e93983ffbcdd467d0f67fde380e3482
SHA3-384 hash: a9f31953c9769c2e4117a4bdc853938b952c5faac389bc10221f300992be4a773dd0476055410885fc3a8d9cd9ecfa7d
SHA1 hash: 727c4cc35513be99af12768e1af3e74622661231
MD5 hash: 3062af0245734f6df5aad4f8d817b7d3
humanhash: mango-nineteen-three-april
File name: c67191407eb8761dac8c816c3559ffa1
Signature: Formbook
File size: 737'792 bytes
First seen: 2020-11-17 14:49:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:HqUBAuuLB6uBhj447FVoWN5RsjdYjp6MkfP285I4fi7:HSuuLBjx3KW/ejdYPkW8i4K7
Threatray: 2'981 similar samples on MalwareBazaar
TLSH: A6F4BE262248BFA6D1BD177BC0941041E3FADD13C356D8D47CEE35DE1BA6FA6D12A202
Reporter: seifreed
Tags: FormBook

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process
Launching cmd.exe command interpreter
Unauthorized injection to a system process
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-17 14:51:45 UTC
AV detection: 23 of 28 (82.14%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook Payload
Formbook
Malware Config
C2 Extraction: http://www.abagsn.com/ffs/
Unpacked files
Detections: win_formbook_g0 win_formbook_auto
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other