MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f1499cbd4efd2e15b95e7e848598ff522bcb740bfb81c34d6c7f596d981439b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f1499cbd4efd2e15b95e7e848598ff522bcb740bfb81c34d6c7f596d981439b
SHA3-384 hash: 20733cd15cfbaedfa1d4be11e27c4291d366bc09c5baba8673e7231cdd574ed0636c517d96f6715136ca6ebb32285f89
SHA1 hash: efec48edee978ae113c1e1ca3aa84838bd0c4917
MD5 hash: 3e712f534c2a2a0dc3037549baa1cbab
humanhash: speaker-oxygen-fish-west
File name:DHL DENİZCİlİk BELGESİ DELIVERY_02-02-2022,pdf.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:388'655 bytes
First seen:2022-02-03 08:15:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep 6144:+wH1cRcMdPkIJQpInl3Xk973erW7SgOPWxuthWme6AteFrvDi7omdqUNV1w:Y8IJ6Inl3Xk9bSPWxuth1eFeFr+c8bO
Threatray 13'203 similar samples on MalwareBazaar
TLSH T1F184E0EDE48488A6DC571B748533AD364AA7BE3A7D7CA80FD69839122B731C34016C5F
File icon (PE):PE icon
dhash icon 8acb02020000002c (3 x Formbook)
Reporter abuse_ch
Tags:DHL exe FormBook geo TUR

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/231772/
Detection(s):
SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/61fb8f5418d1bfdde4eeda8b/reports/b2bbd28f-e3b3-4cc8-9470-8f4854fa4181/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dbfd5a36-d05c-4349-834d-f7ffe7eae2f7
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/933119
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f1499cbd4efd2e15b95e7e848598ff522bcb740bfb81c34d6c7f596d981439b/
Threat name:
Win32.Trojan.SpyNoon
Create hunting rule
Status:
Malicious
First seen:
2022-02-02 13:16:00 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4kjts6u57jocw4v47ueqwmp6urlzn2ax64byngwy72znwmbionq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
01222693e4698149f19d31ac66567a9815f89509bac13d690de8a5afda2bee08
Formbook
02770b935248ab8dc915413f9d9fc3090749bda9ed3185df7a8c253a76f8253f
Formbook
07bed83b3f7c13154a148f82ceac3fe9f68a7995ed5a939e91427e611bfaa863
Formbook
61f0f1442cc29e258378687f8a03c7b5a07785bcffe03aa4fb8a308246060ca5
Formbook
91fc998d3030b2771d47e14af94e90585fd5822ea3a3152514da8e63aa6b7e25
Formbook
d36d73e78b048c34b8ed4b2c1035f27c0c1857ae8eb5f1167942981139138b35
Formbook
dab25e8c1516ece436f339c556e488ead016d9e7ba2c3a9d8a78f47ab19bfaec
Formbook
f75fa96a8fe88dc2fffd64208705d26fb980db33afff6b872f34e1f9034e0363
Formbook
fcaf8625fb1fa5959b8739045ac7531e3b6368e2276d66cbd04eb608f3614abd
Formbook
+ 13'193 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/220203-j5626sefg5/
Behaviour
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Drops file in Windows directory
Sets service image path in registry
Unpacked files
SH256 hash:
b7de84e31050032ee015c00a9612c4bc8161a8804e400a65148d99094e22d7c4
MD5 hash:
46d7d2bd0f5a6387288b9b88e1eee6d9
SHA1 hash:
f15d3e5a4ca3be1c0cdabec5f33eb9f2f4f08191
Link:
https://www.unpac.me/results/d28d40bd-fa50-4ed0-a504-4d1dd721242c/
SH256 hash:
b36cc3f09cf8a8d5bcf247ac37505b13f11a0b6b546df3a0dfca5ef776a87a43
MD5 hash:
36af073ef2298dbb5936de57b50fc004
SHA1 hash:
5c0837d53f75c4abd25da58eef8f0e0e6ed01b92
Link:
https://www.unpac.me/results/d28d40bd-fa50-4ed0-a504-4d1dd721242c/
SH256 hash:
9f1499cbd4efd2e15b95e7e848598ff522bcb740bfb81c34d6c7f596d981439b
MD5 hash:
3e712f534c2a2a0dc3037549baa1cbab
SHA1 hash:
efec48edee978ae113c1e1ca3aa84838bd0c4917
Link:
https://www.unpac.me/results/d28d40bd-fa50-4ed0-a504-4d1dd721242c/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/9f1499cbd4ef/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.43
Link:
https://yomi.yoroi.company/submissions/9f1499cbd4efd2e15b95e7e848598ff522bcb740bfb81c34d6c7f596d981439b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe 9f1499cbd4efd2e15b95e7e848598ff522bcb740bfb81c34d6c7f596d981439b

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/231772/

Comments