MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adc5532725144b1f28aaf526c1f83fe7ab098a54cdeec6e76de74145a3e793de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 17



SHA256 hash: adc5532725144b1f28aaf526c1f83fe7ab098a54cdeec6e76de74145a3e793de
SHA3-384 hash: 6b08fd80dd12b4cb3e4cf7e9191186b95284eea514262695f16b4b668590c74bca9a36a66b95d253ff14629990986138
SHA1 hash: 759a7b3cf6c8099d464fa73c4c8e73ecb27a630d
MD5 hash: 5bfe9273fd11aa7ac9f5b05542ac4174
humanhash: lima-pizza-low-may
File name: adc5532725144b1f28aaf526c1f83fe7ab098a54cdeec6e76de74145a3e793de
Signature: Formbook
File size: 679'936 bytes
First seen: 2025-11-06 11:05:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:0if7r0uT4enMoFhw8zo+PsygNzs8MFl/XkHzRTtlptt2IxeH:0if7hTfCAo+UySs88MNTthtl
TLSH: T181E4F1156B2EEF12D9A21BF006A1E2B417B49D4DB821E3174FEA7CDB747AF042809743
TrID:
71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: adrian__luca
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: HU
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: adc5532725144b1f28aaf526c1f83fe7ab098a54cdeec6e76de74145a3e793de
Verdict: No threats detected
Analysis date: 2025-11-06 18:27:02 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 99.1%
Tags: shell virus msil

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a process with a hidden window
Restart of the analyzed sample
Adding an exclusion to Microsoft Defender
Gathering data

Verdict: Malicious
File Type: exe x32
First seen: 2025-10-21T08:30:00Z UTC
Last seen: 2025-11-05T03:40:00Z UTC
Hits: ~100

Verdict: inconclusive
YARA: 5 match(es)
Tags: .Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.47 Win 32 Exe x86

Threat name: Win32.Backdoor.FormBook
Status: Malicious
First seen: 2025-10-21 11:53:19 UTC
File Type: PE (.Net Exe)
Extracted files: 12
AV detection: 29 of 38 (76.32%)
Threat level: 5/5

Verdict: malicious
Label(s): formbook unc_loader_037
Similar samples:

Result
Malware family: formbook
Score: 10/10
Tags: family:formbook campaign:gw28 discovery execution rat spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Formbook payload
Formbook
Formbook family

Unpacked files
SHA256 hash:
adc5532725144b1f28aaf526c1f83fe7ab098a54cdeec6e76de74145a3e793de
MD5 hash:
5bfe9273fd11aa7ac9f5b05542ac4174
SHA1 hash:
759a7b3cf6c8099d464fa73c4c8e73ecb27a630d
SHA256 hash:
9f2bdadb8926bf6157c7487e994ec28657f9415fd2fdf97a5ba82ba12e24046a
MD5 hash:
0e1119a6df48b550ad1353d136297ef3
SHA1 hash:
3f89b2297c1e0a29932eb25741a51538e005d565
SHA256 hash:
3f73165c551f3383606c67ebdf3d7bc2c13783d6e9315e56609fe3d387410e20
MD5 hash:
a3109093df94991b1e4fa304f8558f66
SHA1 hash:
e8dcad0282cc7e050c6ac825989b4a2b2a0241a7
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24
SHA256 hash:
17cf2e3249632d80d852b1f2074abe276836fa6de237e6c44d7eb9b84505e237
MD5 hash:
03fb4ee4e3a854a15e5527b726becca4
SHA1 hash:
15c9f0a3a2f4a1bb231c1ccebccc57fba95752ac
Detections:
win_formbook_w0 win_formbook_g0 win_formbook_auto FormBook Windows_Trojan_Formbook Formbook
Parent samples:

Note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: NET
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.
