MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04
SHA3-384 hash: 68dd7b4b51a4ba8c22f3bdb24c1d527eb134bfc09a694ed5ce3f5bf6fdc409df6d2fed69a4d2922436d5674bd95749f6
SHA1 hash: 337fbc501d953cd3b77ac05579b9e3f42b3010a2
MD5 hash: 60bdabd7b32ecf4ef9d347748c0026f9
humanhash: nuts-massachusetts-neptune-comet
File name:SecuriteInfo.com.Variant.Graftor.939070.3775.8820
Download: download sample
Signature Formbook
Create hunting rule
File size:552'960 bytes
First seen:2022-01-24 10:29:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9a660fceb169cf592983a5e5f0336333 (1 x Formbook)
ssdeep 12288:m9B7RRGfg5z4WX10GaZngOSigxeuX+dG/ewK7YNGD:m9B7R4fg6Y10GaZnPgFd2wKbD
Threatray 13'318 similar samples on MalwareBazaar
TLSH T1EEC4BF4BDB8B9EFAD18214740541DA311474AD312B2FA4C7FFC26DAEC23A9D06536F1A
Reporter SecuriteInfoCom
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
175
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/221896/
Detection(s):
SecuriteInfo.com.Variant.Graftor.939070.3775.8820.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Unauthorized injection to a recently created process
Creating a file in the %temp% directory
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
graftor greyware keylogger packed shell32.dll wacatac
Link:
https://www.filescan.io/uploads/61ee7fafd32385db63278235/reports/44208cf8-5e7a-4620-8690-779c5d0cdaad/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3ae0e9ac-6ab4-4c3a-bba1-0dfd9e7d8f9d
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/926200
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found hidden mapped module (file has been removed from disk)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04/
Threat name:
Win32.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2022-01-24 08:41:11 UTC
File Type:
PE (Exe)
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
129d230573fdb00a681a7f0c507bc16d2efcd08c4408f544f1d7653162b2cd92
Formbook
26a7d60148b01f0b2c57abaac977514cbc0d31606ae151f200f0b9c04fdf0ad3
Formbook
586e65df6337c02078f617bdcbad67cc055c79df2f1c57899789cec1d65a7939
Formbook
73f458d7e38ab748b7b7d3b3e680db9eb08d845c1b1b7c935a6ee453d8f03358
Formbook
786698eab83f77c1fdc3d37daf49966befe788b0e85167083726354225176d1f
Formbook
9998ff1d42d8af0fcc166bea36887eebf182e91d1816853d9f80e6cbbbaf9145
Formbook
adbb0a2d948271b626589d5e305bdda36bad62e00b58847d0a7dae3688d5c376
Formbook
d78094f3b6eac87e2d4249671bdc4e044afb31e2e78aac8f2db7186c6d5b6db1
Formbook
e146d9fee7645fc19d995f9d018cac7d0070acf5399128b8435e8532df423921
Formbook
+ 13'308 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/220124-mjvc2aebg6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
3981f36c139869f64f6d50f7d0ca06164224c9e99ec335db5d80d40ed83bfedc
MD5 hash:
05357d360b7de0d0830b819443ae1372
SHA1 hash:
01a9568f0b177a85f29dc52c1f3c440a43240513
Detections:
win_formbook_g0
Create hunting rule
win_formbook_auto
Create hunting rule
Link:
https://www.unpac.me/results/a9931764-76c2-4710-a477-11c605768bd0/
Parent samples :
d1b784c5bf13a6a45204633c506ef49906ccadbac510649408bb698b7c96487b
b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04
SH256 hash:
b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04
MD5 hash:
60bdabd7b32ecf4ef9d347748c0026f9
SHA1 hash:
337fbc501d953cd3b77ac05579b9e3f42b3010a2
Link:
https://www.unpac.me/results/a9931764-76c2-4710-a477-11c605768bd0/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/b96d8904afc1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe b96d8904afc128bf96f360fb2702b6eb0d4d70ae6cbf32e7e4bbdd90ff884a04

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/221896/
  
URLhaus
https://urlhaus.abuse.ch/url/2001965/
  
Delivery method
Distributed via web download

Comments