MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4d62fb1cf19280c5eefbd09de9d2f7d2c7b23abaf396cff79d552bd4363f1eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 8 File information Yara Comments

SHA256 hash: c4d62fb1cf19280c5eefbd09de9d2f7d2c7b23abaf396cff79d552bd4363f1eb
SHA3-384 hash: db53051158251d14bc0250e804ff5e17107eea86c2dd59d3767d773875725255c767317fb1a1c9459bbbd673a899ef86
SHA1 hash: 9969d4de902cbeae01cbc42e9ec200a919724581
MD5 hash: 2112c999e44a7d4180680068d9ffb6b1
humanhash: low-berlin-ten-lima
File name:SecuriteInfo.com.Trojan.GenericKD.34263609.3735.31368
Download: download sample
Signature Formbook
File size:550'912 bytes
First seen:2020-08-01 23:30:31 UTC
Last seen:2020-08-02 07:33:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:ZUgF6HFg503ApMchTthMhvbBQI2cThdJ:d6He503A75thSdQI2cThdJ
TLSH 87C4CF293385EB4EC66F4E3688564810DBF0ED670703F78B7CE236ED1D7D2599A22192
Reporter @SecuriteInfoCom
Tags:FormBook

Intelligence


File Origin
# of uploads :
2
# of downloads :
54
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Launching a process
Launching cmd.exe command interpreter
Unauthorized injection to a system process
Result
Threat name:
FormBook
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected AntiVM_3
Yara detected FormBook
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2020-07-30 21:02:10 UTC
AV detection:
24 of 31 (77.42%)
Threat level
  5/5
Result
Malware family:
formbook
Score:
  10/10
Tags:
rat trojan spyware stealer family:formbook
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook Payload
Formbook

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe c4d62fb1cf19280c5eefbd09de9d2f7d2c7b23abaf396cff79d552bd4363f1eb

(this sample)

  
Delivery method
Distributed via web download

Comments