MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4e51503957292fe946f001fdcaf2b6ac7cd935c7bca80d5f79754c14d93e03d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	a4e51503957292fe946f001fdcaf2b6ac7cd935c7bca80d5f79754c14d93e03d
SHA3-384 hash:	435b858b737a0d49813addb784298347bf6f8296d38ae02313d7d6750277f30b9f3f9d1398edca86b8f1cab3ae92a0eb
SHA1 hash:	9cc36597a4578f8c1aadcd82b186a4d48843f723
MD5 hash:	02bc2953e55c6a1123b1c28a38ee7ea9
humanhash:	tennis-summer-carolina-winner
File name:	DAR_ NALJART TECHNOLOGY_PREORDER LIST.xll
Download:	download sample
Signature	Formbook Create hunting rule
File size:	5'120 bytes
First seen:	2022-03-01 07:51:05 UTC
Last seen:	Never
File type:	xll
MIME type:	application/x-dosexec
ssdeep	48:ZvtfeszQNxQKArfxBW57Hob7wmkFB0Gj1BkM/aWESSvHqeqBxeWu:Z12szOagjRtFB0U1MWEQ1
Threatray	14'463 similar samples on MalwareBazaar
TLSH	T1D9B15D86B795157BC0741D38D398D43022E6E822FF8AB31225C353F9EC14BD4C769413
Reporter	abuse_ch
Tags:	FormBook xll

Intelligence

File Origin

# of uploads :

1

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win64.TrojanDownloader.Agent.KE.30058.16526.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/a4e51503957292fe946f001fdcaf2b6ac7cd935c7bca80d5f79754c14d93e03d/results/dashboard

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/621dd074b94fb38cb42c5b4a/reports/9c362ac8-a700-4c83-b57d-42b2e91dd261/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a4e51503957292fe946f001fdcaf2b6ac7cd935c7bca80d5f79754c14d93e03d/

Threat name:

Win64.Trojan.Tnega

Status:

Malicious

First seen:

2022-03-01 02:41:29 UTC

File Type:

PE+ (Dll)

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=utsrka4vokjp5fdpaap5zlzlnld43e24ppfibvpxs5kmctmt4a6q._file

Verdict:

malicious

Label(s):

formbook

Similar samples:

5c8f31380d956958134331ea55e63835fd16ca1f02f4c81672b69db70bc97ab8

73b461809cd7295bd5b96d49742acee5ab83f55e774fdc426e7e184bb1fcf097

779f51468b459d7e4fa2fb6dafabd1771416f00bdd0ad587b1f3119da41edd5e

95b6ba2be30399f87d20e021bee29f0eb46773b67407f3ed9987d22610d5249d

982e727a53a27d2bfbaea608209b315bc892947a1ef954033f1b29c687b6e001

ab12ca2a034e07fbdd6c9d6c31270f52173cd8559e12aad0aea593cc460867cd

bb407aec9554cfa1ca49316956bb79bc0d4b56de2041ac864dcca689997bf20f

ce50b9267e52d36420b01ad72bfa8f64c9d561d6ce1083e29aa68268a06815c4

e6cde5c1b614549613d30761b34c899f4ff69d7e6e3147c21d68bedd64f8fe25

fd137acb0bda1d576079078b74fe610d16031da47a801440c7ba955f4504a6e5

+ 14'453 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/220301-jpw72ahad4/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Loads dropped DLL

Downloads MZ/PE file

Executes dropped EXE

Malware family:

XLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/a4e515039572/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/a4e51503957292fe946f001fdcaf2b6ac7cd935c7bca80d5f79754c14d93e03d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample