MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac0ae00f56127b9a2036156b7fb50c8eb65347d8773ca8a6e5ca0f92cc39ca59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 13



SHA256 hash: ac0ae00f56127b9a2036156b7fb50c8eb65347d8773ca8a6e5ca0f92cc39ca59
SHA3-384 hash: 2ea1cd7e02385c0c9cfa64b038707cf1dc51b0c2c6dfad768cc749a9b9f4fdd820d2f2ed812b906171958aa08db52478
SHA1 hash: a479e4bd7826de68a5cfba5c474d5c1fd547c58d
MD5 hash: 1742b7804fc8a128246e51bcaf9a5dae
humanhash: vermont-cardinal-enemy-steak
File name: ac0ae00f56127b9a2036156b7fb50c8eb65347d8773ca8a6e5ca0f92cc39ca59
Signature: Formbook
File size: 1'019'904 bytes
First seen: 2023-07-05 13:05:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'451 x Formbook, 12'201 x SnakeKeylogger)
ssdeep: 24576:gM3i+HlWxMiQW/O4ue78mTxh4jZHQCFN8aWzL0zeqsjapc:RBlYMiQWmS78or4Fe/YK/m
Threatray: 3'298 similar samples on MalwareBazaar
TLSH: T12F25AD38E3A99E1DD8769BF944B4D3704BA09C1D6811DACD1FC236CA1E72FC25A0D867
TrID:
71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
dhash icon: 00ecd0f8f8f0c400 (26 x AgentTesla, 20 x SnakeKeylogger, 5 x Formbook)
Reporter: adrian__luca
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 286
Origin country: HU

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ac0ae00f56127b9a2036156b7fb50c8eb65347d8773ca8a6e5ca0f92cc39ca59
Verdict: No threats detected
Analysis date: 2023-06-29 11:52:47 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour
Searching for the window
Creating a window
Restart of the analyzed sample
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: floxif lokibot packed strictor virus

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Trojan.Remcos
Status: Malicious
First seen: 2023-06-05 13:24:02 UTC
File Type: PE (.Net Exe)
Extracted files: 40
AV detection: 29 of 38 (76.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
Detections: win_formbook_w0 win_formbook_auto win_formbook_g0
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.
