MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a9da529f0ad9088cec7e9441a7081084f417655533998caa004597a1bc6ef262. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | a9da529f0ad9088cec7e9441a7081084f417655533998caa004597a1bc6ef262 |
|---|---|
| SHA3-384 hash: | 8121393fd7d1db1984afd3c777344df808be7b2fde26274b30abc96a248c52ad78c7db3ad8e7e0d25e6d2dd1db51a823 |
| SHA1 hash: | 88d09160f6f5aff929627066422fc1b10418af64 |
| MD5 hash: | 5e1f465d19e1b8fcdde43f6e5e65db0c |
| humanhash: | utah-london-hotel-delaware |
| File name: | May First Purchase Order_1-2_doc.pdf.exe |
| Download: | download sample |
| File size: | 1'290'752 bytes |
| First seen: | 2020-05-13 10:06:45 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger) |
| ssdeep | 24576:ptb20pkaCqT5TBWgNQ7apCu/Ey2Zu1wRnPSecI6A:6Vg5tQ7apCOP2sanJp5 |
| Threatray | 5'670 similar samples on MalwareBazaar |
| TLSH | 9755AD1263DD8264F27F52737A157701EE7B782535A1FCBB2FA4093CA9221210F1A66F |
| Reporter |  abuse_ch |
| Tags: | exe |
abuse_ch
Malspam distributing unidentified malware:HELO: vps34120.inmotionhosting.com
Sending IP: 70.39.250.117
From: MARINA KNEZEVIC <marina.knezevic@exitltd.co.rs>
Subject: Urgent Purchase Order
Attachment: May First Purchase Order_1-2_doc.pdf.z (contains "May First Purchase Order_1-2_doc.pdf.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-05-12 22:24:22 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
23 of 31 (74.19%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 5'660 additional samples on MalwareBazaar
Result
Malware family:
formbook
Score:
10/10
Tags:
family:formbook persistence rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Gathers network information
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Drops file in Program Files directory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
Formbook Payload
Formbook
Malware Config
C2 Extraction:
http://www.hearxy.com/t9v/
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe a9da529f0ad9088cec7e9441a7081084f417655533998caa004597a1bc6ef262
(this sample)
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.