MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca54dac8de04ef9b1f74a39470ae1f615ecbb9cd5eaa093c3d70d7d40576eb9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca54dac8de04ef9b1f74a39470ae1f615ecbb9cd5eaa093c3d70d7d40576eb9a
SHA3-384 hash: 2b9512dd81b490afca2d59f72d761228872ee20b9de1fc295a697ef002b553a1bd21ef6c0d558441069086e165b34513
SHA1 hash: 3b40fb276accba3170e865e0e8eda2b840dfc01d
MD5 hash: 28c78e3fcc177169dd79bba88f5d50e1
humanhash: carpet-yankee-cardinal-four
File name:awator.net_xlmrp__nonnyy.exe.malw
Download: download sample
Signature Formbook
Create hunting rule
File size:488'448 bytes
First seen:2020-03-18 18:27:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:nJzKf/zmCja4qQmQCrcbnFuuUcTFx0T21BOcCSaa1MSSB6T1KpQcHCbh:nJY1ja4qQ+rcbFudkuN/S/1MSSPQcHK
Threatray 4'840 similar samples on MalwareBazaar
TLSH 4DA4D0A23E81B55DC84D1B3A526229C0DB3284C33AEBDB0EA7C5573D4DC7A1E4F0566B
Reporter ov3rflow1
Tags:FormBook malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MSIL.Basic.1.Gen.23391.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Basic
Create hunting rule
Status:
Malicious
First seen:
2019-04-27 22:17:56 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0831d2ef7d75d3086cfea4f7fa8c0b0dd8d0d4bff400670dda898a7dd1ded392
Formbook
1b8b4e62fb4118fc4f27c17d3a94d6d61a83cd6d11b224460d7f52b2a5f7c7d5
Formbook
1f8effc9e8ef41356c4446d27273380211fcbb6416b62e705398a581da76dc6a
Formbook
24f25d0bca087db5a6a5733171d3cee1fbcacdfcb00ef5b7bf79ad6fe362b069
Formbook
2e4937d9881cbbdce22d794992382cc914b1f14543a71c17b7bfc7eb9e49a558
Formbook
317f3e79ff4110f5310f4722d429082ef957112fc16221b28c7e036a4b7f68f8
Formbook
4a5a22b508a778ce928a6e7ed3f25c30c4d57176334035a2354effa151e44e60
Formbook
c458849465e25bcdc935e8a2db439ecb9e3cc099cd31b0f510dc77fc0d6704cc
Formbook
ca457dfbc65703fcbc3d124e7aac9933713f8788f2e04a92548ff95a23619139
Formbook
e993dc4733d3db72ebb90a0e2aa6c0e665ac6bb1679c5235ed8df88a9091dacd
Formbook
+ 4'830 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ca54dac8de04ef9b1f74a39470ae1f615ecbb9cd5eaa093c3d70d7d40576eb9a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/186307/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments