MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816
SHA3-384 hash:	0ca4015655ec6c31df33bdc1dca9d029d641cefca7a08f51838e92d49608216c659dffb3426e496816ba46d153bc6625
SHA1 hash:	7cb214b2dc8b861e6ee26ac120e494d43035813b
MD5 hash:	a48efe002e755fc23f7275abd4ce400b
humanhash:	august-crazy-shade-connecticut
File name:	a48efe002e755fc23f7275abd4ce400b.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	311'041 bytes
First seen:	2020-06-30 05:31:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep	6144:VPCganN8FCAlaAA1G/IW5a25lm1yhdIWv5UvzzvemF7vH5lWV/F6xtB:7anSFCAcA02aOphdPol7H5lq/+
Threatray	5'284 similar samples on MalwareBazaar
TLSH	C86422131710C5A7C8B602B005B11BE6FF6AF85F5CD37FC68714AE463E81AC65A2E64E
Reporter	abuse_ch
Tags:	exe FormBook

Intelligence

File Origin

# of uploads :

1

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/16771/

Detection(s):

PUA.Win.Downloader.Soft32downloader-6691270-0

SecuriteInfo.com.Artemis162931E90DCF.4593.UNOFFICIAL

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-06-30 00:49:42 UTC

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=x6p5llogn26ubxub5wtwkq5jw6mk2sakvmgqgfxh2e5g2ukslala._file

Verdict:

malicious

Similar samples:

0e661b488a5571afb39ddf31bda089f7c032ed0a077501c3b7c8a31a0a6442d6

0fd1ddf542f9746a9e25ceb976d416b8385d837d5e71bb02bd9b999083620d9f

4adb6a21c1056dafc19fe22df99b061d94e25e258aa4ff3c35fb8cc65faa2c17

52ea3c1f51eb3a8920e2895ebe7d54ed9b010407775434da9c47fdeceae7af84

60952b7b0b3edeb47b07f1d2a0fb87856b165550e47c605c4ef4fb1da699a332

7f6ab9c1ee0cee3b51e076a98ad0b05416e87de438d475a8137d80405f75ac24

8a1f8815b2d54f7171358001bec7be97d87660a29d8bce9d247da901b012f594

d4405060b30fab298c2747fc58ec301dfa160be2df3e335a78900fac044a2493

d789a675b16eca7a3d78fffd03d6dfc18a396d6eac4da2472b99700ff1cb09c7

f69e7749b6798b4c4f258eebbedc77992536cc24bef9d1bf3d68315ad16abcf0

+ 5'274 additional samples on MalwareBazaar

Result

Malware family:

formbook

Score:

10/10

Tags:

trojan spyware stealer family:formbook persistence evasion

Link:

https://tria.ge/reports/200630-zk8tddp9ex/

Behaviour

System policy modification

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Drops file in Program Files directory

Suspicious use of SetThreadContext

Checks whether UAC is enabled

Reads user/profile data of web browsers

Loads dropped DLL

Adds Run entry to policy start application

Formbook

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe bf9fd5adc66ebd40de81eda76543a9b798ad480aab0d0316e7d13a6d51525816

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/386451/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/16771/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample