MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a46f0189a9016e0af96bebed0e62fad7bbd7e6223ea036c0e6d2da4f9a04a6cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 7



SHA256 hash: a46f0189a9016e0af96bebed0e62fad7bbd7e6223ea036c0e6d2da4f9a04a6cc
SHA3-384 hash: 1b6a53f5bb9794e8411772de1781d4d744615b25e3e6fa3d07e07b6a90338aab848524780c3932d71d41951110382d07
SHA1 hash: 1c7fa4d7b221da27e3bddc0f0d494e77df359de5
MD5 hash: cdf8f544d5a3375d7eebe902a3a3ba50
humanhash: mobile-stream-saturn-golf
File name: DaJvWffC23hWF2u.exe
Signature: Formbook
File size: 654'848 bytes
First seen: 2021-04-21 08:26:27 UTC
Last seen: 2021-04-21 09:07:28 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 12288:kX/rjXGmJa/knVzRRRRRf0llXmmts47CXcjccNEiDclR+lLMxG9QSe:CndJaMnpRRRRRMll9Mb6EiYyLQA2
Threatray: 4'749 similar samples on MalwareBazaar
TLSH: D4D4F12877949A26D2BD0B7C9451025043F8B623A247E35D9FD0A0FD1DF3792CB6A26F
Reporter: abuse_ch
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: DaJvWffC23hWF2u.exe
Verdict: Malicious activity
Analysis date: 2021-04-21 08:40:50 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Injuke
Status: Malicious
First seen: 2021-04-21 08:36:51 UTC
AV detection: 12 of 29 (41.38%)
Threat level: 5/5
Result
Malware family: formbook
Score: 10/10
Tags: family:formbook rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Formbook Payload
Formbook
Malware Config
C2 Extraction: http://www.sevenwhale.com/sdh/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments