MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 14


Intelligence 14 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
SHA3-384 hash: bb2a0e234388605db79da962e5a465ff47e58620a9c4488df2d00b6271d0dea650d94dce26e91c7c2c3be68b1e16c967
SHA1 hash: 32e7a466a70289ee62c36d859fe4f5bc72ab0677
MD5 hash: cb66355b2504a0a08aa7192f024e7307
humanhash: emma-kitten-oregon-nevada
File name:cb66355b2504a0a08aa7192f024e7307.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:689'152 bytes
First seen:2023-06-30 07:46:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:/ZGczuXq1DTAv/2eIlnu9RfcevNP9Bp7S3VdKN8lODh3ykJEvHhLqxpvtjycKSGm:/FuXWDKueI0REeTu3u8lcEvhUyclGS
Threatray 2'553 similar samples on MalwareBazaar
TLSH T105E4483D2ABC5723C134C3B6CFE1C723B264982B7161EA665DC39B954796E4229C313E
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon f8967161697196f8 (3 x AgentTesla, 1 x Formbook)
Reporter abuse_ch
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
257
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
cb66355b2504a0a08aa7192f024e7307.exe
Verdict:
No threats detected
Analysis date:
2023-06-30 07:47:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/50e08772-2c9f-4283-9c5b-aa2fa2a533ba

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/403984/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1995.30638.27848.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Creating a process with a hidden window
Restart of the analyzed sample
Adding an exclusion to Microsoft Defender
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
formbook packed
Link:
https://www.filescan.io/uploads/649e8877cf99e7a5cfcc34a2/reports/34d89dad-4fd3-4825-9e6b-cfcb70cde9fc/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/37528e08-b53e-4f6d-858a-39ee24d2c278
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1263767
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 896793 Sample: sQ3X4H1B2A.exe Startdate: 30/06/2023 Architecture: WINDOWS Score: 100 40 Snort IDS alert for network traffic 2->40 42 Found malware configuration 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 7 other signatures 2->46 10 sQ3X4H1B2A.exe 4 2->10         started        process3 file4 32 C:\Users\user\AppData\...\sQ3X4H1B2A.exe.log, ASCII 10->32 dropped 56 Adds a directory exclusion to Windows Defender 10->56 58 Tries to detect virtualization through RDTSC time measurements 10->58 14 sQ3X4H1B2A.exe 10->14         started        17 powershell.exe 19 10->17         started        signatures5 process6 signatures7 60 Modifies the context of a thread in another process (thread injection) 14->60 62 Maps a DLL or memory area into another process 14->62 64 Sample uses process hollowing technique 14->64 66 Queues an APC in another process (thread injection) 14->66 19 explorer.exe 3 1 14->19 injected 23 conhost.exe 17->23         started        process8 dnsIp9 34 app.salla.cloud 104.18.18.41, 49710, 80 CLOUDFLARENETUS United States 19->34 36 jaterix.net 82.180.174.83, 49709, 80 BROADCOMDK Denmark 19->36 38 3 other IPs or domains 19->38 48 System process connects to network (likely due to code injection or exploit) 19->48 25 wlanext.exe 19->25         started        signatures10 process11 signatures12 50 Modifies the context of a thread in another process (thread injection) 25->50 52 Maps a DLL or memory area into another process 25->52 54 Tries to detect virtualization through RDTSC time measurements 25->54 28 cmd.exe 1 25->28         started        process13 process14 30 conhost.exe 28->30         started       
Detection:
formbook
Create hunting rule
Link:
https://mwdb.cert.pl/sample/d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2023-06-30 00:57:03 UTC
File Type:
PE (.Net Exe)
Extracted files:
31
AV detection:
20 of 37 (54.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2cekhqn3y6y4s7s45fguulq7r3l7z56o7drlehlq5yk3wp2j2ueq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
10f995960aa806c718494876517cb801027ea00e3110e9b754b1ac039a0f696b
Formbook
259f6cd10ea806c54540345e0bc14b20dd871a4e8d6cd32052d56964c290bde8
Formbook
2a1a01f7dbce9cae3601bcf859fd7984cfa761783f929448e59a90dd56f43fa9
Formbook
2cea4635be71ebe2ff0d26948adfd11d7b8a945bce7ac4d459435f777bc4bf22
Formbook
44f2ec87230646c2db8bc78717c831c163dc5d5018ba9c18288db62a0b65814e
Formbook
737ed71a18c5ed82843236483504cac2ef798ec9651cc6687b5bcaf6022e070e
Formbook
ddd9ead73e818770fe8bc81da65f863e2ed6d20a6a32c60817d3edc8c4aa38d4
Formbook
e2ceee53e039eaca503c58bd2be1b268bfbc1f17a7568e70bdedf5ca8d1bd637
Formbook
fa50f197e39eb37efdbd83462dd11e3057e45f88d9acb8b7e99c50c44c1936b7
Formbook
fd1e8b3716764f552b7350c4612cfc64b152ded240b6f2a38426d43efeabc7b2
Formbook
+ 2'543 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook campaign:ge83 rat spyware stealer trojan
Link:
https://tria.ge/reports/230630-jmh8dshd8x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks computer location settings
Formbook payload
Formbook
Unpacked files
SH256 hash:
39c1213b71830dc3dbe542230f65109a68028a5f80c177918422a94c8efe25d4
MD5 hash:
b075ba1483d921aaf145aa40752897b5
SHA1 hash:
6f38c9ad869f9db7b3c412326b21eb6dde9edd9d
Detections:
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
Parent samples :
62d79b7612daa665c7f2769bad890f7d42fc26849f0baa1c596e601b0a724057
d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
c013e9e4bb6f07f8da27bedef4ca4e0b99790a4777e00692da5c8e78e47eb70c
0678008b99744da75d64b17e189a5f8934780a0ddf2384d8c24e4240f796dc34
68f739e8cec56189a152729584f046954f13e32426331970eb755538a8008f1c
3868bc3ad364e26eb6a690198293725275ac8d1f9105cc1a72e206f82816aedf
c7f690c33e83ce246c48b918864dae66b4b6964116046cfa34de6bd3a81c2964
95c739685ac483d14260c45fef84686d505802b2a546531652de4b35b54ea8eb
a06ac680f7c3454cdfe9e777f1dc9e6867e3556d323986c428aead576d2ede5c
17da5b241a7c1a77d644c46063b11af84dbf96b2986e4c4c0b9b56c1689ae524
b723fa6187dd823012646cc23268f9a05550e8fb5018110df4ef24fa995d2141
05189b12acbe98448200d07fb553f915a88cd57ca1115bde87fba0dc77cc5f39
a16bbcd964ae89f1cae59ed66c22f1009830c91db528215972952d97433bfb71
bbd52311d6f6fcc5e1c1296fb53932cac1445ed4d3fe3872a2a8de1f83bd1bf0
651a4c3e35b647788a3eb33862d90bc7d58912e6e99ffb8a7bd4c759634fe67b
SH256 hash:
d50a24a0f3ebfbe161b4625972c1893fdbbb8477a751abbfc5f4aa827142de25
MD5 hash:
e26cc7f6a99f52a14b9ac1e3a8a06fd5
SHA1 hash:
ba5a66a381791c53d5ee1e5f8eab74b42798f1bd
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
9d6c73e273a966a4ed1d93350392d965792ddf5ad201bfa28b8adcec2e344db5
MD5 hash:
adac60763fcfe4d5f4ad323046e79500
SHA1 hash:
9ced772a90ddec9fffde8c745225ad289f3f087e
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
810add6427ab364afb94fc9a54b4a0fa7b693cb304c050f13218f22ec1ec219d
MD5 hash:
997cc25abd62b94f0a9f0db35753aad0
SHA1 hash:
199feb3aae5d6cc5e79fb6957985c8e708b03972
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
39c1213b71830dc3dbe542230f65109a68028a5f80c177918422a94c8efe25d4
MD5 hash:
b075ba1483d921aaf145aa40752897b5
SHA1 hash:
6f38c9ad869f9db7b3c412326b21eb6dde9edd9d
Detections:
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
Parent samples :
62d79b7612daa665c7f2769bad890f7d42fc26849f0baa1c596e601b0a724057
d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
c013e9e4bb6f07f8da27bedef4ca4e0b99790a4777e00692da5c8e78e47eb70c
0678008b99744da75d64b17e189a5f8934780a0ddf2384d8c24e4240f796dc34
68f739e8cec56189a152729584f046954f13e32426331970eb755538a8008f1c
3868bc3ad364e26eb6a690198293725275ac8d1f9105cc1a72e206f82816aedf
c7f690c33e83ce246c48b918864dae66b4b6964116046cfa34de6bd3a81c2964
95c739685ac483d14260c45fef84686d505802b2a546531652de4b35b54ea8eb
a06ac680f7c3454cdfe9e777f1dc9e6867e3556d323986c428aead576d2ede5c
17da5b241a7c1a77d644c46063b11af84dbf96b2986e4c4c0b9b56c1689ae524
b723fa6187dd823012646cc23268f9a05550e8fb5018110df4ef24fa995d2141
05189b12acbe98448200d07fb553f915a88cd57ca1115bde87fba0dc77cc5f39
a16bbcd964ae89f1cae59ed66c22f1009830c91db528215972952d97433bfb71
bbd52311d6f6fcc5e1c1296fb53932cac1445ed4d3fe3872a2a8de1f83bd1bf0
651a4c3e35b647788a3eb33862d90bc7d58912e6e99ffb8a7bd4c759634fe67b
SH256 hash:
d50a24a0f3ebfbe161b4625972c1893fdbbb8477a751abbfc5f4aa827142de25
MD5 hash:
e26cc7f6a99f52a14b9ac1e3a8a06fd5
SHA1 hash:
ba5a66a381791c53d5ee1e5f8eab74b42798f1bd
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
9d6c73e273a966a4ed1d93350392d965792ddf5ad201bfa28b8adcec2e344db5
MD5 hash:
adac60763fcfe4d5f4ad323046e79500
SHA1 hash:
9ced772a90ddec9fffde8c745225ad289f3f087e
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
810add6427ab364afb94fc9a54b4a0fa7b693cb304c050f13218f22ec1ec219d
MD5 hash:
997cc25abd62b94f0a9f0db35753aad0
SHA1 hash:
199feb3aae5d6cc5e79fb6957985c8e708b03972
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
39c1213b71830dc3dbe542230f65109a68028a5f80c177918422a94c8efe25d4
MD5 hash:
b075ba1483d921aaf145aa40752897b5
SHA1 hash:
6f38c9ad869f9db7b3c412326b21eb6dde9edd9d
Detections:
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
Parent samples :
62d79b7612daa665c7f2769bad890f7d42fc26849f0baa1c596e601b0a724057
d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
c013e9e4bb6f07f8da27bedef4ca4e0b99790a4777e00692da5c8e78e47eb70c
0678008b99744da75d64b17e189a5f8934780a0ddf2384d8c24e4240f796dc34
68f739e8cec56189a152729584f046954f13e32426331970eb755538a8008f1c
3868bc3ad364e26eb6a690198293725275ac8d1f9105cc1a72e206f82816aedf
c7f690c33e83ce246c48b918864dae66b4b6964116046cfa34de6bd3a81c2964
95c739685ac483d14260c45fef84686d505802b2a546531652de4b35b54ea8eb
a06ac680f7c3454cdfe9e777f1dc9e6867e3556d323986c428aead576d2ede5c
17da5b241a7c1a77d644c46063b11af84dbf96b2986e4c4c0b9b56c1689ae524
b723fa6187dd823012646cc23268f9a05550e8fb5018110df4ef24fa995d2141
05189b12acbe98448200d07fb553f915a88cd57ca1115bde87fba0dc77cc5f39
a16bbcd964ae89f1cae59ed66c22f1009830c91db528215972952d97433bfb71
bbd52311d6f6fcc5e1c1296fb53932cac1445ed4d3fe3872a2a8de1f83bd1bf0
651a4c3e35b647788a3eb33862d90bc7d58912e6e99ffb8a7bd4c759634fe67b
SH256 hash:
d50a24a0f3ebfbe161b4625972c1893fdbbb8477a751abbfc5f4aa827142de25
MD5 hash:
e26cc7f6a99f52a14b9ac1e3a8a06fd5
SHA1 hash:
ba5a66a381791c53d5ee1e5f8eab74b42798f1bd
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
9d6c73e273a966a4ed1d93350392d965792ddf5ad201bfa28b8adcec2e344db5
MD5 hash:
adac60763fcfe4d5f4ad323046e79500
SHA1 hash:
9ced772a90ddec9fffde8c745225ad289f3f087e
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
810add6427ab364afb94fc9a54b4a0fa7b693cb304c050f13218f22ec1ec219d
MD5 hash:
997cc25abd62b94f0a9f0db35753aad0
SHA1 hash:
199feb3aae5d6cc5e79fb6957985c8e708b03972
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
39c1213b71830dc3dbe542230f65109a68028a5f80c177918422a94c8efe25d4
MD5 hash:
b075ba1483d921aaf145aa40752897b5
SHA1 hash:
6f38c9ad869f9db7b3c412326b21eb6dde9edd9d
Detections:
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
Parent samples :
62d79b7612daa665c7f2769bad890f7d42fc26849f0baa1c596e601b0a724057
d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
c013e9e4bb6f07f8da27bedef4ca4e0b99790a4777e00692da5c8e78e47eb70c
0678008b99744da75d64b17e189a5f8934780a0ddf2384d8c24e4240f796dc34
68f739e8cec56189a152729584f046954f13e32426331970eb755538a8008f1c
3868bc3ad364e26eb6a690198293725275ac8d1f9105cc1a72e206f82816aedf
c7f690c33e83ce246c48b918864dae66b4b6964116046cfa34de6bd3a81c2964
95c739685ac483d14260c45fef84686d505802b2a546531652de4b35b54ea8eb
a06ac680f7c3454cdfe9e777f1dc9e6867e3556d323986c428aead576d2ede5c
17da5b241a7c1a77d644c46063b11af84dbf96b2986e4c4c0b9b56c1689ae524
b723fa6187dd823012646cc23268f9a05550e8fb5018110df4ef24fa995d2141
05189b12acbe98448200d07fb553f915a88cd57ca1115bde87fba0dc77cc5f39
a16bbcd964ae89f1cae59ed66c22f1009830c91db528215972952d97433bfb71
bbd52311d6f6fcc5e1c1296fb53932cac1445ed4d3fe3872a2a8de1f83bd1bf0
651a4c3e35b647788a3eb33862d90bc7d58912e6e99ffb8a7bd4c759634fe67b
SH256 hash:
d50a24a0f3ebfbe161b4625972c1893fdbbb8477a751abbfc5f4aa827142de25
MD5 hash:
e26cc7f6a99f52a14b9ac1e3a8a06fd5
SHA1 hash:
ba5a66a381791c53d5ee1e5f8eab74b42798f1bd
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
9d6c73e273a966a4ed1d93350392d965792ddf5ad201bfa28b8adcec2e344db5
MD5 hash:
adac60763fcfe4d5f4ad323046e79500
SHA1 hash:
9ced772a90ddec9fffde8c745225ad289f3f087e
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
810add6427ab364afb94fc9a54b4a0fa7b693cb304c050f13218f22ec1ec219d
MD5 hash:
997cc25abd62b94f0a9f0db35753aad0
SHA1 hash:
199feb3aae5d6cc5e79fb6957985c8e708b03972
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
SH256 hash:
d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509
MD5 hash:
cb66355b2504a0a08aa7192f024e7307
SHA1 hash:
32e7a466a70289ee62c36d859fe4f5bc72ab0677
Link:
https://www.unpac.me/results/13b67e50-eba4-43d9-9a8f-854103dd5a3d/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d088a3c1bbc7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe d088a3c1bbc7b1c97e5ce94d4a2e1f8ed7fcf7cef8e2b21d70ee15bb3f49d509

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2673413/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/403984/

Comments