MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b39707482b00744db8fa4b03ab586f8e7fc5da0e80143f32b05ac0fa1e8f3e1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b39707482b00744db8fa4b03ab586f8e7fc5da0e80143f32b05ac0fa1e8f3e1c
SHA3-384 hash: a1a85d391f3ddeb69cc90bd37590358e3f33a988aef413408fccd87e0c59cb2fbe9a62fceec2a9ed8f1943ea86a0f382
SHA1 hash: d02bf120b462333678396c7e5ff65357d17c8bb6
MD5 hash: cea8bf73c641d528551eab98e56e0abc
humanhash: lima-blue-winter-india
File name:Quotation Request.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:361'984 bytes
First seen:2020-04-30 10:14:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 6144:gQx6v32TRz9RzugdiJHw6p8AN9LD10OJA8zTa/JvUnZIpo0oxb/5NhW80RzgTsrT:Hx6OZT3iJ/8ALSOh2/JvUZIpnYfzygNK
Threatray 5'198 similar samples on MalwareBazaar
TLSH 3B74E113329A8C57CAD609F44C5262080779AF5DA467F7CE6DD136FE1AF23D2390A683
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing Formbook:

HELO: pardc1.ParkeInteriors.local
Sending IP: 70.89.105.1
From: Salama Med<manager@chinaglowplug.com>
Subject: Re: Produtcts Inquiry
Attachment: Quotation Request.zip (contains "Quotation Request.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 08:38:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wolqosblab2e3oh2jmb2wwdprz74lwqoqakd6mvqllapuhuphyoa._file
Verdict:
malicious
Similar samples:
223bbe1af0d09289a1ebeddf78e3218fcae28d0a69c291d66fee5fa29337844a
Formbook
2a40a9e18303875b2db452783190820001c898e8374864fec29793bf43bbe401
Formbook
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
Formbook
63b52bedfe18fe9a059dafcf21ed7d2bd58b00e8b4078c98e165c36e3d347b60
Formbook
82033c587c540fbcaec2ffdc139b837868711343f8a4e9ae61c306426028ace7
Formbook
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
Formbook
916237116e09e4233846389b7410a8ccc7e7ef96c0ed97c3fdb19a08499504af
Formbook
a50d19ddd0b87fdc2529cfb1676f14297125443103286553fbcdf4ffa989f8e7
Formbook
c921c868103f592befe1f7c0787c6389b914d8f09ffd8cccac514b610dfc1975
Formbook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
Formbook
+ 5'188 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

zip 32d2a154f3de64d0d16f6c1fdb7911812126a1a4be4c63aaf1604d9fa7157163

Formbook

Executable exe b39707482b00744db8fa4b03ab586f8e7fc5da0e80143f32b05ac0fa1e8f3e1c

(this sample)

  
Dropped by
MD5 3722a5116b1947398cb72108470c518d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 32d2a154f3de64d0d16f6c1fdb7911812126a1a4be4c63aaf1604d9fa7157163

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments