MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b
SHA3-384 hash: dda7602669e29a07589229398fb83ec847e4eb68c7f1adeea060e4983b31e80218eb9301247f1dfe9bbf053338de2b57
SHA1 hash: 089f398df4eb9cf0511038cff177ecd3fbc9715c
MD5 hash: 94743aae8b0eb58bf9849035dc640b3c
humanhash: aspen-wyoming-indigo-virginia
File name:DHL Delivery Documents.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:79'872 bytes
First seen:2022-01-31 15:24:06 UTC
Last seen:2022-02-09 10:19:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:qpga/eHUTQQQQQQQBdBgN6b5/2kWSC6WLreVXpga/eHUTQQQQQQQBdBgN6b5/2kA:qpga/eHUTQQQQQQkdBft/2YWLreVXpgs
Threatray 12'972 similar samples on MalwareBazaar
TLSH T1BF731942D5A30367E6A997F3B49356C30BA0640D18E0CEAA9CC970DE199F31A7547FCB
File icon (PE):PE icon
dhash icon 550959654d651945 (37 x Formbook, 28 x AgentTesla, 14 x RemcosRAT)
Reporter adrian__luca
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
5
# of downloads :
168
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/228526/
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.290.28666.13804.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Launching a process
Creating a file
Launching cmd.exe command interpreter
Searching for synchronization primitives
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
control.exe obfuscated
Link:
https://www.filescan.io/uploads/61f7ff54d7fd65ae55fd539e/reports/7f912de8-eb70-423c-815b-c09025d3c83f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7a9bccc3-07e3-451c-9339-83d87dbff4d6
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/930996
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-31 15:25:10 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
11
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wnf4rccvdongapw7o2rvnjga7quq7lccbu6g34g6zuernfyl7onq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
194eecb866b404241cc14abfccf3ece512927dafff1e64248e1b1fb4e4acbd26
Formbook
1af1b596f8fa1220b552694e0d970dbaf094da24d8da348f87ae9801673fdf8d
Formbook
2a4415721925c12ce8a80719697ffbda5daf88fe34804b0549bc5d5605790cdb
Formbook
3f277a6819833eb0c7feab4e952301b4bac883e38ec8bd266093b6757d1920e8
Formbook
4f538ee6b8d7c6e779e1af1945dbcf1903947f45e707e68b1be0ce6a43b8041f
Formbook
71bad0685e5b2447a8dcdc960ee2930ad5ec4910d5d449040fb52cb9754df2a2
Formbook
7a4424af54555e5a81f6fa4e2b2c42c6d19c71bbcc261cd1be14af245c3b711c
Formbook
889a99efe47a7cd2f2ee5797086d76e5811f9502047d9be1c6cbc1dc815c57fe
Formbook
a58fa4c9cd9960a9b7c8fbab4942b3d1f28035ce37b68b4835afa9e728cbdc0a
Formbook
d1a716b9f2d3c4be4527b077dd5da726ffb4008935c7223116a3aa64b4f5f8f0
Formbook
+ 12'962 additional samples on MalwareBazaar
Result
Malware family:
xloader
Create hunting rule
Score:
  10/10
Tags:
family:xloader campaign:zqzw loader persistence rat
Link:
https://tria.ge/reports/220131-ss4wqaabc3/
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Sets service image path in registry
Xloader Payload
Xloader
Unpacked files
SH256 hash:
b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b
MD5 hash:
94743aae8b0eb58bf9849035dc640b3c
SHA1 hash:
089f398df4eb9cf0511038cff177ecd3fbc9715c
Link:
https://www.unpac.me/results/4222f491-fb4c-4b04-8b0c-b36b9c2be932/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.73
Link:
https://yomi.yoroi.company/submissions/b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe b34bc888551b9a603edf76a356a4c0fc290fac420d3c6df0decd0916970bfb9b

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/228526/

Comments