MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6265825a201f66e512e8288a49c0112b0dcda84fde2904152b2f525edd32fd1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	b6265825a201f66e512e8288a49c0112b0dcda84fde2904152b2f525edd32fd1
SHA3-384 hash:	a3eee0b0c20785459bb11b3adb9f0962ff12cfe89dbead2d171f7cd4adaad375f518930a27a3e501951b004ed06f1664
SHA1 hash:	6552125a845fd688fba91bb3cbbc18acced89222
MD5 hash:	2c356c45d2225329917f82e98ce0d980
humanhash:	summer-hot-yankee-virginia
File name:	2c356c45d2225329917f82e98ce0d980.exe
Download:	download sample
Signature	Formbook Create hunting rule
File size:	377'344 bytes
First seen:	2021-08-27 08:40:09 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ef471c0edf1877cd5a881a6a8bf647b9 (83 x Formbook, 33 x Loki, 31 x Loda)
ssdeep	6144:Y4XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0PzF:HXe9PPlowWX0t6mOQwg1Qd15CcYk0We1
Threatray	1'102 similar samples on MalwareBazaar
TLSH	T1D284124548C5CCA6E719B371D0B3CF9819B57832CCD56B689718EA2EB870343B853E6B
dhash icon	aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

346

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

2c356c45d2225329917f82e98ce0d980.exe

Verdict:

Suspicious activity

Analysis date:

2021-08-27 08:41:48 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d9dfecc7-1065-45af-87b2-64b68e6e6b6b

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/182888/

Detection(s):

PUA.Win.Packer.Upolyx-12

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Sending a UDP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2d08574b-a3e3-4384-9b7b-e3d40f995c12

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/840282

Signature

AutoIt script contains suspicious strings

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b6265825a201f66e512e8288a49c0112b0dcda84fde2904152b2f525edd32fd1/

Threat name:

Win32.Spyware.Noon

Status:

Malicious

First seen:

2021-08-26 17:28:54 UTC

AV detection:

9 of 28 (32.14%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wytfqjncah3g4ujoqkekjhabckynzwue7xrjaqkswl2sl3otf7iq._file

Verdict:

malicious

Similar samples:

1104b201580461c0319cf6fb65b219a56093ff425a8788758be9949242cea2e4

1c4cf94d38837e40ac5654711ef04cf7f2e07a66c065c46955d92d0d95089d90

2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405

8083fc125756be5ccebc8b837ffd80063f42696159291e0df941c28f03170b07

8344690f025846a5a0dcf5d6012a94cddcfe48ffcc06fa6d566bb4ef149e6716

89887d6a5f728886bc9f6012606918246c91ecafe903777f4fcda168217e9a5e

b09fdc39338aacafb7eb0163757d2b9863f78e5467af017ff4ad2f09e0e266a2

c46c1d3ce137b855a860af126e8986175501defc0a3f69c5472bf9d905c05bb4

ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b

+ 1'092 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/210827-wc4kzpeqx2/

Behaviour

Modifies system certificate store

Enumerates physical storage devices

Unpacked files

SH256 hash:

51e49452b5f269f4fc0bf3cfeed657d41ceb0392298614d3865b8f56bf590006

MD5 hash:

e4e64a44749266fe3a1b4c08e6b9706d

SHA1 hash:

220ccd8a03c42b087178a34aa0c8715960c21908

Link:

https://www.unpac.me/results/2bd5505f-4002-4a18-be60-ec2aae1f3ec0/

SH256 hash:

b6265825a201f66e512e8288a49c0112b0dcda84fde2904152b2f525edd32fd1

MD5 hash:

2c356c45d2225329917f82e98ce0d980

SHA1 hash:

6552125a845fd688fba91bb3cbbc18acced89222

Link:

https://www.unpac.me/results/2bd5505f-4002-4a18-be60-ec2aae1f3ec0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.85

Link:

https://yomi.yoroi.company/submissions/b6265825a201f66e512e8288a49c0112b0dcda84fde2904152b2f525edd32fd1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe b6265825a201f66e512e8288a49c0112b0dcda84fde2904152b2f525edd32fd1

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/182888/

URLhaus

https://urlhaus.abuse.ch/url/1562681/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample