MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3173c18c350a7fa99867f3ef7c9bf5375a4e1ca7f5706c60d883cb17322491f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3173c18c350a7fa99867f3ef7c9bf5375a4e1ca7f5706c60d883cb17322491f
SHA3-384 hash: 844ffb8e98566c26ad9b5247dbc069f1f23fa6fc3ae8dd844f61e9cb18406782925748c87d183567af1c631543367c68
SHA1 hash: 34b75fa0336143dba8fc2cee895dbd0ffc5914ab
MD5 hash: 17a1bd2f314821d2554ff4f486bc763c
humanhash: cup-mirror-batman-avocado
File name:IRQ2207799_pdf.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:478'527 bytes
First seen:2022-03-24 11:02:15 UTC
Last seen:2022-03-24 13:19:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 6144:uGi8Y9MXn1x7YZkDHY0Hi42gcmAdX2SdxWQQCJkVDOuiAQ/40aW5:4MX1x7YZkDHY0Hqm4gzC2Ou0aW5
Threatray 14'393 similar samples on MalwareBazaar
TLSH T1A3A47C3F65DA1D72E3E14EF0D45798DC8125ED1B3C108A9B6224BD193AFEB5E908432E
File icon (PE):PE icon
dhash icon a6a2b0e8c8e0e4f0 (1 x Formbook)
Reporter malwarelabnet
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
238
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/257141/
Detection(s):
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.1.14843.4690.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% directory
Creating a process from a recently created file
Launching a process
Сreating synchronization primitives
Launching cmd.exe command interpreter
Searching for synchronization primitives
Setting browser functions hooks
Unauthorized injection to a recently created process by context flags manipulation
Unauthorized injection to a system process
Unauthorized injection to a browser process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe formbook overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/623c4fc8b94fb38cb4e19751/reports/e071e182-585b-49e2-a548-75f55e4fa2f0/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4d624666-9da8-443e-822a-1e159c045137
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/963689
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d3173c18c350a7fa99867f3ef7c9bf5375a4e1ca7f5706c60d883cb17322491f/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2022-03-24 11:03:08 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2mltyggdkct7vgmgp47ppsn7kn22jyokp5lqnrqnra6lc4zcjepq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
0736da1f42878cc4630f0b855fb638e76989fc53513fac93061cfdd49f9c94cf
Formbook
2ed8aeaf73ee1a3caf7eb0be7814868c4100efbe1b021e2d964db3b638dc7f3c
Formbook
6d1ae3278059d592ae7c4426df9456553b8abfbc3bd90ce0f8d1792e94ae95c2
Formbook
6ecfdff224175dade2cbf63719974b5335c1a81cf787142681163ddf882ce00e
Formbook
75a17cb26bd616c7d7b48b0b3add3033b6cd8656d8d20a0618734a3850072632
Formbook
7c0eb4f6e8a6c770581fc781394e91ab7410cec4ae02e6c9399a52be3f16f6e6
Formbook
945f67ae677681e14db036f753f47333556fea6f3837bef7399e440e6bc167d5
Formbook
bc09ecf5cb6364f4d053ec0420282fa6e7a1649a8a5ca2af2ca933aa27f8b90c
Formbook
c652919676cc6f3ea808c6e1023de343d27ed8f72f4f1b94523c4ecfb09bf223
Formbook
ec575e5cdf3da323c27e65f3042586173ca50ba0682b733a61f0b47f80c3004e
Formbook
+ 14'383 additional samples on MalwareBazaar
Gathering data
Unpacked files
SH256 hash:
d3173c18c350a7fa99867f3ef7c9bf5375a4e1ca7f5706c60d883cb17322491f
MD5 hash:
17a1bd2f314821d2554ff4f486bc763c
SHA1 hash:
34b75fa0336143dba8fc2cee895dbd0ffc5914ab
Link:
https://www.unpac.me/results/3ff213d3-3f12-4e89-a733-1c918ce4264b/
Malware family:
FormBook
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/d3173c18c350/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.18
Link:
https://yomi.yoroi.company/submissions/d3173c18c350a7fa99867f3ef7c9bf5375a4e1ca7f5706c60d883cb17322491f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/257141/

Comments