MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a05c75cc33b9e7a07f7fed5462e81d59577a90de4f0460ebea2e11865bd944d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a05c75cc33b9e7a07f7fed5462e81d59577a90de4f0460ebea2e11865bd944d5
SHA3-384 hash: fa7fb6405b0c366861cd70af7f71042935a3faa65a7abdde0987a0c8a436b6cd6856bca9147dbe762afe2c9cd90c9443
SHA1 hash: 3f269af9cdf287515d183c29163322fb70bee505
MD5 hash: cf6a719fc5ce055c5ea91fd5a72e5276
humanhash: mexico-lemon-oklahoma-equal
File name:Minutes of Meeting 22062021.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:797'909 bytes
First seen:2021-06-25 06:14:31 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 24576:v1qsCjFBq8Lj6pBxKfZKIePDIBixdJaRZMRAxKf:9xm68ABxKsIOIBiLJ8ZZxKf
TLSH 5105233536C80EA849C66AE554D7FDA6F12F68EC472DC144CB9050FC687ECA9322FA07
Reporter cocaman
Tags:FormBook gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Jorge Beltra <jbeltra@aitex.es>" (likely spoofed)
Received: "from aitex.es (unknown [185.222.58.148]) "
Date: "24 Jun 2021 11:51:25 +0200"
Subject: "=?UTF-8?B?UmVzdW1lbiBkZSBsYSByZXVuacOzbiAyMi8wNi8yMDIx?="
Attachment: "Minutes of Meeting 22062021.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a05c75cc33b9e7a07f7fed5462e81d59577a90de4f0460ebea2e11865bd944d5/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2021-06-24 08:32:32 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubohltbtxht2a7375vkgf2a5lflxveg6j4cgb27kfyiymw6zitkq._file
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader loader rat
Link:
https://tria.ge/reports/210625-1b9jb45sme/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Xloader Payload
Xloader
Malware Config
C2 Extraction:
http://www.wwwgraciescottage.com/u9pi/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/a05c75cc33b9e7a07f7fed5462e81d59577a90de4f0460ebea2e11865bd944d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz a05c75cc33b9e7a07f7fed5462e81d59577a90de4f0460ebea2e11865bd944d5

(this sample)

Formbook

Executable exe a29d5d9dae6f9937c1f0dcf733031f3478d74f326c1913727eb9e65e53c82ab9

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a29d5d9dae6f9937c1f0dcf733031f3478d74f326c1913727eb9e65e53c82ab9
  
Dropping
Formbook

Comments