MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a70d8c885f8940706226618570ac469b5d45426837c550a15a901a831420daf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a70d8c885f8940706226618570ac469b5d45426837c550a15a901a831420daf6
SHA3-384 hash:	2aab5f5b874ec8f829a7e38648afb872fb07cd51759c05a89d5818d0f9a855af44f417147949930f32cedbe33bfa4c13
SHA1 hash:	48d2569f5f9f5b01acc37b7445dd4d2481c10bca
MD5 hash:	c4ebc0bddd94cea6772c34adc9184d7a
humanhash:	fix-october-delaware-football
File name:	Sipariş PO CBV87654468,pdf.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	384'633 bytes
First seen:	2022-02-09 07:34:58 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	099c0646ea7282d232219f8807883be0 (476 x Formbook, 210 x Loki, 107 x AgentTesla)
ssdeep	6144:hwG4d7xRCTsbopUNCa14JDMXCMjs2yd9/qH3qC:W7WsspEH1SIXC2sDRW3R
Threatray	13'170 similar samples on MalwareBazaar
TLSH	T12E84DF46BFD78992E1F3C5791F98DD79C89EBACB0670042B778C9B6F78200850D0AA4D
File icon (PE):
dhash icon	f4f4ccccccd4d0dc (1 x Formbook, 1 x RemcosRAT, 1 x DarkCloud)
Reporter	abuse_ch
Tags:	exe FormBook geo TUR

Intelligence

File Origin

# of uploads :

1

# of downloads :

189

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/239282/

Detection(s):

SecuriteInfo.com.FakeAV.CXA.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control.exe overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/62036eb34077c8b9a025276b/reports/dabd78ca-1028-4032-accf-7fa161bd3b9e/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Formbook

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2df4ccd1-1b5f-4888-a1bb-acfb546ef786

Result

Threat name:

FormBook

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/936623

Behaviour

Behavior Graph:

n/a

Detection:

xloader

Link:

https://mwdb.cert.pl/sample/a70d8c885f8940706226618570ac469b5d45426837c550a15a901a831420daf6/

Threat name:

Win32.Trojan.Risis

Status:

Malicious

First seen:

2022-02-08 19:04:28 UTC

AV detection:

16 of 43 (37.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=u4gyzcc7rfahayrgmgcxblcgtnoukqtig7cvbik2sanigfba3l3a._file

Verdict:

malicious

Label(s):

formbook

Similar samples:

31168981af16e0fc209774a91e04e5aaf622cacbed12e970b7a35db0705174d6

3c3ef93ea804d5d80ecbdb244ddf7fe2ab657f54089a397f0c79d89dfef5c95c

7c7116c6a0f1e06e4c252ea45668b85c1fdf3f35216097be1208e14be4066b36

b1e2238ed835357f061456c7a38d0620cef8b78f0e1a9856133cc5b2805e0ed1

c68187b173ad6e5f68910e7e23137e30c348192f861ef27e45bf82c0bc8663e8

e8720afe9895124761086a0f00aa515997015669cc5332aebe99d5ea02ca7377

e8e0f125d909bafae93f469222f2cfbcb30585e03825d8442c8934a92fdd6c89

efc056b28454aeb8274bbeef16c7c21bb1d4aabd18e06e36627407612d7c6a16

f777ad0feb1db2da7abb7c793515f7af49d06a7b4fc5904a9da436ccbd59ddc3

+ 13'160 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/220209-jep1zahef2/

Behaviour

Checks processor information in registry

Modifies data under HKEY_USERS

Enumerates physical storage devices

Drops file in Windows directory

Unpacked files

SH256 hash:

fc1b5b2768db34a8c4736edb2327f65a74707b6d4d2b46246a657c103950d722

MD5 hash:

16dda8eabb48dd675af13d82b575f2e7

SHA1 hash:

ce2b022026f490347c8122819f343ef927cf597a

Detections:

win_formbook_g0

win_formbook_auto

Link:

https://www.unpac.me/results/77d1acc8-fb9e-42a5-ac56-4ee10bcb328c/

Parent samples :

81fc763d0863d2011499222a0683aed63c881b20ccf70d5775125451bf36b76a
e8e0f125d909bafae93f469222f2cfbcb30585e03825d8442c8934a92fdd6c89
a70d8c885f8940706226618570ac469b5d45426837c550a15a901a831420daf6
7096f1d2fd14899772fd59c0c7108372d4159ae301b5a790a83c3b42fd366b06
c0d4b591f9c05876d94bcf96f1a91142b1c626093a31e7040a074cf6cfab7e27
5bda5e99c085fb725298ccd23fb9093199c1299e274d0d1bf3ea6d5ad603c518
82ef1696bde1a62d88395ccf385620e0ab4986c41edb7ea197cb8a96fefd1044
0e620198a4a7ea1ae42f2a6a9b0e8c40ce320fc2f52710d86f4158272ebb248f
3f10048526484b831c452aa092009fd9291a043d6c6762e26b88777dcfc35cc4
a5c13a058471a83c916b72920a93cccf42b19de33883004c8048f45ca8a1867f
2b8099c7609f56157c7d2cb7e1da50b2ff85edb62e7599ca995a691b458ceb31
bf9947c6aff5ae8782f98e274a318d36e63c1a95b822ecfe809c6299d26b07b3
74b0f2384ab42a60f4e80f1b3f491989daf0571bc2a753b29dc8ceb30fd3b165
dd6558ccea953f6af92b65eb96b21e9b336f62fe9567f70f92b0973359dff939

SH256 hash:

8942a5df578308d216fe812f93d39e886d0ab16e5af2a3c159d9401dbbfbb8c2

MD5 hash:

e18e7c4bae5444d38f612d3ab0d787bc

SHA1 hash:

8a43d76cee0ee8a053b7ecfd54a440794b0a24d2

Link:

https://www.unpac.me/results/77d1acc8-fb9e-42a5-ac56-4ee10bcb328c/

SH256 hash:

a70d8c885f8940706226618570ac469b5d45426837c550a15a901a831420daf6

MD5 hash:

c4ebc0bddd94cea6772c34adc9184d7a

SHA1 hash:

48d2569f5f9f5b01acc37b7445dd4d2481c10bca

Link:

https://www.unpac.me/results/77d1acc8-fb9e-42a5-ac56-4ee10bcb328c/

Malware family:

XLoader

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/a70d8c885f89/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/239282/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample