MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c599667585688c32aa84ecbdad1a01e93e4a92beeab76c48f1f415234ce26b6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FormBook

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	c599667585688c32aa84ecbdad1a01e93e4a92beeab76c48f1f415234ce26b6c
SHA3-384 hash:	f3e59d52894e55de591e0d0c3dabcaad6463f8b5a49b62d2b20b5b60152ddf160ad34284eb1c49687a1ae99df89a32f4
SHA1 hash:	d638811d678fe18b64c6a3e1b4a4ce2c09f5b87f
MD5 hash:	782555afd497de8c5128196e9680f68f
humanhash:	burger-cardinal-carolina-nevada
File name:	IMG_04302020.exe
Download:	download sample
Signature	FormBook Create hunting rule
File size:	343'552 bytes
First seen:	2020-04-30 12:05:19 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'853 x AgentTesla, 19'780 x Formbook, 12'304 x SnakeKeylogger)
ssdeep	6144:rcax98A2uUIj/0oatjFKTp6jZmpWU/qJC0HSuNYFz0wI+RPYpTIwpV3nS2b:rwuml5+p6jiP/qIgYFnIOEnS2
Threatray	28 similar samples on MalwareBazaar
TLSH	0674F1139E68073BDD3D1BF692A7230843F947E62151E36A8EE830952CDBFD1191278E
Reporter	abuse_ch
Tags:	DHL exe FormBook

abuse_ch

Malspam distributing FormBook:

HELO: k024.k024jp4501.info
Sending IP: 160.16.60.127
From: DHL CUSTOMER SUPPORT <customerservice@dhl.com>
Subject: DHL Shipment Notification: 70072045127
Attachment: IMG_04302020.IMG (contains "IMG_04302020.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Grp

Status:

Malicious

First seen:

2020-04-30 10:37:00 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ywmwm5mfncgdfkue5s622gqb5e7evev65k3wyshr6qksgthcnnwa._file

Verdict:

malicious

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

img 2662020a6b5354206803980705409ecbbcd0bd1c8ef9dde5948a0d3368ad74ef

FormBook

exe c599667585688c32aa84ecbdad1a01e93e4a92beeab76c48f1f415234ce26b6c

(this sample)

Dropped by

MD5 243624ac0bf7b3008cc401b74b4b5d02

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 2662020a6b5354206803980705409ecbbcd0bd1c8ef9dde5948a0d3368ad74ef

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample