MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b9c7c9bf796b2bccdc9a9ec430d4b4f7731d6b611a0b65f522e3517cc5a9e22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b9c7c9bf796b2bccdc9a9ec430d4b4f7731d6b611a0b65f522e3517cc5a9e22
SHA3-384 hash: ce234df35ae7a21dc8ab66f99fee191f8ccb3dc753d779b425636dcee488407d7e64efdcadbd9ae7a358f0e5c327d461
SHA1 hash: c08c2ae805761e19dd35ad10e3b8ea781d3fdc8f
MD5 hash: 5580ae22542da7618ffe0291aa52ecfb
humanhash: mobile-asparagus-low-lactose
File name:Conti Srl (PO352ELJ3524).exe
Download: download sample
Signature FormBook
Create hunting rule
File size:346'624 bytes
First seen:2020-04-29 18:30:24 UTC
Last seen:2020-04-29 20:05:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 6144:0hdEdo/hI6WOl2tY+YYdBlTbehAW0AQZ5GCK0uuIedUfywdDFWHBCf8r7ACWaZen:adx/rWOlyTaqYv/6CDWMaFWaZeJt
Threatray 4'844 similar samples on MalwareBazaar
TLSH AE74AEAC764475EFC82BCC76C9A45C60BA1074BB830BE357A45706AD994E9CB9F042F3
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: cathay-food.co
Sending IP: 111.90.140.123
From: Caterina <caterina@cathay-food.co>
Subject: Conti Srl (Order 1NNQ)
Attachment: Conti Srl PO352ELJ3524.rar (contains "Conti Srl (PO352ELJ3524).exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.43206.20979.11181.UNOFFICIAL
Create hunting rule

Win.Packed.Nanocore-7758947-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 17:25:47 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=toohzg7xs2zlztojvhwegdklj53tdvvwcgqlmx2sfy2rptc2tyra._file
Verdict:
malicious
Similar samples:
043ba161ac2f0d30c5a15799d3ce26ec63989d278f58867aeff64ce7ecb41f42
FormBook
30bbf2043054b92e495bbd55f67e43b8eafce430bf31d8aaa4899385e503cdbe
FormBook
3e98d7f59e495ddfa5140a50f70347bb4a56296ca2dcb6602f65ebb4e4a0373b
FormBook
74d63d3b59e6068fdfa650d8a583b15a80e6a4dc68b54e38f4f21f5797a0f1b2
FormBook
8b3c2218dfa966253c0959428f73b21c4551c0648b276e2092df40783ea2550c
FormBook
916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af
FormBook
b9c1be5f81b9261b1bb68fb0f667a57721bd04b750427a9382844c42d18dba6e
FormBook
c0e1210ec3e11a5d71cdbf2edfb199539f891a1bdb27ccd97eaf0fb70891c615
FormBook
ce860f3976ba5df3c4465a4b60d12980677dccc961a9fa91555c7b9de14c3dd8
FormBook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
FormBook
+ 4'834 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 6f825a42b2676b0b7d5aae79bdcc3791fdd0372bca413b887c356ac97eece501

FormBook

Executable exe 9b9c7c9bf796b2bccdc9a9ec430d4b4f7731d6b611a0b65f522e3517cc5a9e22

(this sample)

  
Dropped by
MD5 fb64fe6d34e88075bb411a56a836f78a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6f825a42b2676b0b7d5aae79bdcc3791fdd0372bca413b887c356ac97eece501

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments