MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa24408c59f3871294cf379b2b0bc57932ae884229102d005759b1cabb3dbbd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa24408c59f3871294cf379b2b0bc57932ae884229102d005759b1cabb3dbbd9
SHA3-384 hash: 6ce1c53e1547c89166971e3b58f07910ff8f0a7220bd32fe50cfa2dae6ad9e50b2e11bb547b0575814737d70b90de815
SHA1 hash: e4d368ea37d164aa4f02ff5c54bb77d57814943b
MD5 hash: 1be2ba79821f3c08f59c59cca294814c
humanhash: louisiana-johnny-fanta-monkey
File name:1be2ba79821f3c08f59c59cca294814c
Download: download sample
Signature Formbook
Create hunting rule
File size:246'858 bytes
First seen:2022-03-23 20:02:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 6144:rGiLGdIh4j7YUXOZNh68/daARbKr2omDyWmtpwqpWDINOW:HDh4j7RXO08/daARLomDUtpJpGW
Threatray 14'327 similar samples on MalwareBazaar
TLSH T118342219BAA0D8B7D7E6053505B2B376E3FE17804891BF8F5FB44FAB9592D03292C604
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/256861/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Launching a process
Сreating synchronization primitives
Launching cmd.exe command interpreter
Searching for synchronization primitives
Setting browser functions hooks
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Unauthorized injection to a system process
Unauthorized injection to a browser process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/623b7cf4dfdfa8501cd474c9/reports/de028fb0-5f21-43af-873c-6c25af63713c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2d35d513-9306-44c9-a7e7-608115c3cb12
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/963144
Behaviour
Behavior Graph:
n/a
Detection:
formbook
Create hunting rule
Link:
https://mwdb.cert.pl/sample/aa24408c59f3871294cf379b2b0bc57932ae884229102d005759b1cabb3dbbd9/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2022-03-23 13:54:13 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=visebdcz6odrffgpg6nswc6fpezk5cccfeic2acxlgy4voz5xpmq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
2573cb8f9979fab9ae06951ba1e3c96d7c49f2672369dd6ecf77fde42a0d45eb
Formbook
2ed8aeaf73ee1a3caf7eb0be7814868c4100efbe1b021e2d964db3b638dc7f3c
Formbook
452d42cbe3b01ab9afd5799a25d153b0f427a383b97c28d4bf4e1830c501ab8c
Formbook
5297d79e8c5477e872646905da36e71b4a40f9d801f34b6e4521932981f1e9c7
Formbook
5f9025473092996ecde530a0e8858fe256baec511bd44c61d8bba0fa3bd22f85
Formbook
6ecfdff224175dade2cbf63719974b5335c1a81cf787142681163ddf882ce00e
Formbook
8c7c6966c40ca10cdb43c9520c24ae932e63429fbc858b2c05f94f1bedbe0efa
Formbook
+ 14'317 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook campaign:an52 rat spyware stealer suricata trojan
Link:
https://tria.ge/reports/220323-yr6ltafagn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
Formbook Payload
Formbook
suricata: ET MALWARE FormBook CnC Checkin (GET)
Unpacked files
SH256 hash:
958fa8be7b5e04b2bf06114a4282569861e2a98bef1a532cd3e6064920d483b4
MD5 hash:
188fcc0492da79b48540140aaf8d6d92
SHA1 hash:
7fd6e8d9a0954ca1defc03a97aee65ca858e23ae
Link:
https://www.unpac.me/results/c6fd5fb0-b6fd-4e35-9a98-ef6bc10010a3/
SH256 hash:
aa24408c59f3871294cf379b2b0bc57932ae884229102d005759b1cabb3dbbd9
MD5 hash:
1be2ba79821f3c08f59c59cca294814c
SHA1 hash:
e4d368ea37d164aa4f02ff5c54bb77d57814943b
Link:
https://www.unpac.me/results/c6fd5fb0-b6fd-4e35-9a98-ef6bc10010a3/
Malware family:
FormBook
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/aa24408c59f3/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.18
Link:
https://yomi.yoroi.company/submissions/aa24408c59f3871294cf379b2b0bc57932ae884229102d005759b1cabb3dbbd9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe aa24408c59f3871294cf379b2b0bc57932ae884229102d005759b1cabb3dbbd9

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2112757/
Cape
Cape
https://www.capesandbox.com/analysis/256861/

Comments


Avatar
zbet commented on 2022-03-23 20:02:11 UTC

url : hxxp://192.210.149.28/320/vbc.exe