MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfd29866a9e618985b15c779e0ac0ad8e09a9e997774c0d2fe18f00f8110a24a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 6



SHA256 hash: cfd29866a9e618985b15c779e0ac0ad8e09a9e997774c0d2fe18f00f8110a24a
SHA3-384 hash: 2cb17dd811d9a8c96c571bdd8368dae5758005d0c982716dd324c947a5452df6cab40b8f89993fb03c17f5c90360d472
SHA1 hash: 8425d7c7dcb2b95fe67ef48ce0d79b38b8c1627e
MD5 hash: 54a88dc8f5eabe80b938a1827221ee73
humanhash: connecticut-jupiter-juliet-hydrogen
File name: Dhl package - pdf.exe
Signature: FormBook
File size: 429'596 bytes
First seen: 2020-09-04 20:27:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c2c71dfce9a27650634dc8b1ca03bf0 (160 x Loki, 58 x Formbook, 55 x Adware.Generic)
ssdeep: 12288:kanjusnLrXcx/diIjqDdX8dxQzB9Bwo4pf:7RXcxViomdlBXYf
TLSH: 4B94230F4654EC77CF061531EE3F68E4EBDA839241A1F98F075969AB7813192834E2E9
Reporter: cocaman
Tags: exe FormBook

Intelligence


File Origin
# of uploads: 1
# of downloads: 192
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Creating a file
Creating a file in the %AppData% subdirectories
Launching a process
Launching cmd.exe command interpreter
Setting browser functions hooks
Unauthorized injection to a system process
Unauthorized injection to a browser process
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-09-04 09:31:02 UTC
File Type: PE (Exe)
Extracted files: 40
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
NSIS installer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

Executable exe cfd29866a9e618985b15c779e0ac0ad8e09a9e997774c0d2fe18f00f8110a24a

(this sample)

Comments