MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ced5d0422dcb096451c1c28ea363fc3315985dab69d24d8fa7fd0de6d5103c10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook
Vendor detections: 8



SHA256 hash: ced5d0422dcb096451c1c28ea363fc3315985dab69d24d8fa7fd0de6d5103c10
SHA3-384 hash: 2debce513d2650534884d0a07a62c870f1ad7b5df8e3e2717c88bb085c084bc17d0a8162aad356f6cddb35ab05099c9f
SHA1 hash: d1747bd35a83baf9fb5e8c5ae50ea71ed4e180dc
MD5 hash: 93877acddeac8a18520d8b7fcd4d13b8
humanhash: alanine-stairway-alanine-hamper
File name: SecuriteInfo.com.Malware.AI.1850730742.6630.22786
Signature: Formbook
File size: 454'656 bytes
First seen: 2021-08-19 07:20:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6b449e4254f9505d24d855db3d0959b (1 x Formbook)
ssdeep: 12288:ixqeQO4P+v3bcYsH9zoPG2v06wsyrv1jBf9Z4voacq:4QO4Gv3bIHiGZrrv1BlZLap
Threatray: 8'180 similar samples on MalwareBazaar
TLSH: T100A40281945BDE51EB1D03327AF5814F02EF2AB989A1D5AF616337019F283C1D9ABD0F
dhash icon: e88f080c0c088be8 (5 x Formbook)
Reporter: SecuriteInfoCom
Tags: exe FormBook

Intelligence

File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Malware.AI.1850730742.6630.22786
Verdict: Suspicious activity
Analysis date: 2021-08-19 07:22:26 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
DNS request
Sending a UDP request
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: FormBook
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
High number of junk calls found (likely related to sandbox DOS / API hammering)
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected FormBook
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-08-19 05:58:46 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SHA256 hash: ced5d0422dcb096451c1c28ea363fc3315985dab69d24d8fa7fd0de6d5103c10
MD5 hash: 93877acddeac8a18520d8b7fcd4d13b8
SHA1 hash: d1747bd35a83baf9fb5e8c5ae50ea71ed4e180dc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments