MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac36e1a80e5bce46ba7b0810ee10075cb7fd7c8f0e2603048a8a1e6f0adc7266. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 15



SHA256 hash: ac36e1a80e5bce46ba7b0810ee10075cb7fd7c8f0e2603048a8a1e6f0adc7266
SHA3-384 hash: c363084f00ebc0a8b3a078e70d7e943a6d7c74454fd0fe3bfe28cc2a1ab77839b29c17dd5941001a1624d629a3102289
SHA1 hash: 0c6e362df7069769123d4a48c4881a049a5c3a45
MD5 hash: 433bf2e2fce1caec352e5fbb6d18f2ea
humanhash: autumn-london-music-princess
File name: SecuriteInfo.com.W32.MSIL_Kryptik.MUC1.gen.Eldorado.30354.23277
Signature: Formbook
File size: 1'092'096 bytes
First seen: 2026-02-09 20:21:59 UTC
Last seen: 2026-02-09 21:21:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'819 x AgentTesla, 19'743 x Formbook, 12'286 x SnakeKeylogger)
ssdeep: 24576:+jguQOpNYtAFAoMLLwWFcwTGP61qBNVict:DuIAmcw861aNQc
Threatray: 2'697 similar samples on MalwareBazaar
TLSH: T1DE3522203799CF69D4B223F42431D2715BF8AE2EB122D31ACDC99CDF76AAF405524663
TrID:
71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: SecuriteInfoCom
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 2
# of downloads: 148
Origin country: FR

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: SecuriteInfo.com.W32.MSIL_Kryptik.MUC1.gen.Eldorado.30354.23277
Verdict: No threats detected
Analysis date: 2026-02-09 20:22:28 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 70.0%
Tags: malware

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: krypt packed

Verdict: Malicious
File Type: exe x32
First seen: 2026-02-09T16:30:00Z UTC
Last seen: 2026-02-11T12:16:00Z UTC
Hits: ~100
Detections: Trojan.MSIL.Crypt.sb, VHO:Trojan-Spy.MSIL.Noon.gen, VHO:Trojan-PSW.Win32.Convagent.gen, Trojan-Spy.Noon.HTTP.ServerRequest, PDM:Trojan.Win32.Generic, Backdoor.Agent.HTTP.C&C, Trojan-Spy.Win32.Noon.sb, Trojan.MSIL.Inject.sb, HEUR:Trojan-Spy.MSIL.Noon.gen

Verdict: inconclusive
YARA: 10 match(es)
Tags: .Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.43 Win 32 Exe x86

Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2026-02-09 20:22:31 UTC
File Type: PE (.Net Exe)
Extracted files: 11
AV detection: 9 of 24 (37.50%)
Threat level: 5/5

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook discovery rat spyware stealer trojan

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Formbook payload
Formbook
Formbook family

Unpacked files
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: NET
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.
