MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7
SHA3-384 hash: a7c2fd388185a6b5c7b787a534a85844f876b0b4b4dd219f2716c4dc84bd7b2698c9f8f8be7c19a2635666264deabd3e
SHA1 hash: 05205e5e43de3a4ed37a06dbfc690e880aeab29e
MD5 hash: 98eaf5b5768a42fe7606d193538ef6b8
humanhash: speaker-mobile-nineteen-beer
File name:Image 200319USD48742,55.pdf.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:336'896 bytes
First seen:2020-03-31 13:40:24 UTC
Last seen:2020-03-31 18:47:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:RQOtZf+5YOOqH/DuXGGP+IlU+ksr8NrXpUOede1zeJvyaahNSvhKsN6Qrwdibcl:dfd5I/qh2IlU3s4Jp4dCeJZWS0Fdibcl
Threatray 4'973 similar samples on MalwareBazaar
TLSH 5964DF4DB6547A8FC92BCD7689A12C20AB6064B7570BE383988311EC594DBDBCF142F7
Reporter abuse_ch
Tags:COVID-19 exe FormBook


Avatar
abuse_ch
COVID-19 themed malspam distributing FormBook:

HELO: globalfactory.qa
Sending IP 67.43.239.166
From: Brittany Jester <info@globalfactory.qa>
Subject: Re:[## 10641 ##] COVID-19/BALANCE PAYMENT
Attachment: Image 200319USD48742,55.pdf.ace (contains "Image 200319USD48742,55.pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.31437.18903.30688.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Formbook
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 09:27:23 UTC
File Type:
PE (.Net Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tuunfm6n6ejsur3nsnu4qitn3as344p76d7ftxuovpehohsdgptq._file
Verdict:
malicious
Similar samples:
1b300274b3a285359d3c2c50d221aca75f28e1e972626fbef59454b3fba7f0fa
FormBook
1edf8c6bcf0ae2b38e9e28bcb1fd838c2ea35b5b126e4bc9e42daa2e1e722298
FormBook
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
FormBook
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
FormBook
4bc2794576ebc0396a825e7b5f5fa26303e79972e7a2d68ded5cd68729288107
FormBook
4dcaa189e4b595f7c2ea35bf30bcbee49f9f9c2a3bbe16d832a30c8df30c2a88
FormBook
730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681
FormBook
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
FormBook
9c1501fbd2eb669ccbe4a41e37770191e954e6f0dd3e0a954a0670a91df3917c
FormBook
a88caf11b01cea311aca13b6e757a8974d5033e1acb8749b9d1951ed0d93d44c
FormBook
+ 4'963 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

ace 72088a4067be923dfb277f1cd6283c7b2670014e68fd0b281ac4e74f4b5b6bf1

FormBook

Executable exe 9d28d2b3cdf1132a476d9369c8226dd825be71fff0fe59de8eabc8771e4333e7

(this sample)

  
Dropped by
MD5 4bf6525bd7f7cfd4801befec1bb5b8ad
  
Dropped by
SHA256 72088a4067be923dfb277f1cd6283c7b2670014e68fd0b281ac4e74f4b5b6bf1
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments