MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d669c62373e85e0a950edffebc9e17eb682708192df5d05226590a822f81486. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 5

SHA256 hash: 9d669c62373e85e0a950edffebc9e17eb682708192df5d05226590a822f81486
SHA3-384 hash: 2aa2ded5760e0710a0425ec9b9d5071df2a9b314a01be9622c4586587cef221176ebe817a195a2382304d4ddbb8c156f
SHA1 hash: 324fabcdba9c53b253b0942ab5c3c0e2b27c8ad6
MD5 hash: 6a1c7256d8a418c11e20eae8d25ebf9a
humanhash: jersey-green-spaghetti-earth
File name: T2812A.r11
Signature: Formbook
File size: 330'939 bytes
First seen: 2021-10-29 11:55:40 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:2wTe4hUtUVqoUacnhnG8VWoqkr7dw9Hi6IPVnm4Acjzzj9kpBEwPw+:FtcV/VrpryHiFPNdzz5kpSH+
TLSH: T1666423AC889DF8C317A948A833D87C56467FEF713AD46464E236B384CDA933F49C2255
Reporter: cocaman
Tags: FormBook r11 rar


cocaman
Malicious email (T1566.001)
From: "Scheduling - Signature Stone <scheduling@signaturestoneqld.com.au>" (likely spoofed)
Received: "from signaturestoneqld.com.au (unknown [45.137.22.158]) "
Date: "29 Oct 2021 13:55:07 +0200"
Subject: "T2812A - Gerry - Supply Only"
Attachment: "T2812A.r11"

Intelligence


File Origin
# of uploads: 1
# of downloads: 195
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-10-29 11:56:03 UTC
AV detection: 12 of 28 (42.86%)
Threat level: 2/5

Result
Malware family: xloader
Score: 10/10
Tags: family:xloader campaign:snec loader rat suricata
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Xloader Payload
Xloader
suricata: ET MALWARE FormBook CnC Checkin (GET)
Malware Config
C2 Extraction: http://www.go2payme.com/snec/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook
    rar 9d669c62373e85e0a950edffebc9e17eb682708192df5d05226590a822f81486 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments