MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d81ef70cc21230ef3f4411c0fa18b4c964d17c5908597195cf2b8ba0c96b8e2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d81ef70cc21230ef3f4411c0fa18b4c964d17c5908597195cf2b8ba0c96b8e2a
SHA3-384 hash: 349e5d4ecf9e2c59a598c2d563db3291afe8c24ee873997ae970ebc9ea4d79a6dbab2eece51fac7fe152318ff1636857
SHA1 hash: 2311f0c20978e327446daa4f194b733371bf0aa8
MD5 hash: 6ffd4a33de6621fb8ae6b7f7726dc1da
humanhash: delta-double-charlie-sixteen
File name:Orignal Invoice_pdf.gz
Download: download sample
Signature Formbook
Create hunting rule
File size:291'932 bytes
First seen:2022-10-15 10:15:00 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:gU5eQvXds9hxRIAlk7SMLtxPfvNrLZcC5voZjuwOZ48:qyXds97R9pMPH5vQSwy48
TLSH T1185423A6A30C507D641067DE38DD66906C62CC87F1C48A2FEB71B57730AC375AB9A728
Reporter cocaman
Tags:FormBook gz INVOICE TNT

Intelligence

File Origin
# of uploads :
1
# of downloads :
358
Origin country :
n/a
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:vgiybpcm.x
File size:4'660 bytes
SHA256 hash: d6f00878293204cc85c2a112f4f8160aeaa7601afcf4a64f78735a8eea11559b
MD5 hash: f16bf3d9ad3ecf461f26e9a75e9bdc8b
MIME type:application/octet-stream
Signature Formbook
File name:duzcazams.exe
File size:136'192 bytes
SHA256 hash: 3017920f6f2c95870bf938c2aab1c64e77c9b65e7f8ad7e3d81cdaeb58bacff3
MD5 hash: 9cc4b3dcc8a712968339507dfbefa5bc
MIME type:application/x-dosexec
Signature Formbook
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Smdd-6956905-0
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lokibot overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/634a8827898b0652a4b7cc16/reports/4429c3ba-ae63-4ce8-9208-f4ee6635ae62/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d81ef70cc21230ef3f4411c0fa18b4c964d17c5908597195cf2b8ba0c96b8e2a/
Threat name:
Win32.Trojan.ZmutzyPong
Create hunting rule
Status:
Malicious
First seen:
2022-10-14 08:08:01 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
13 of 42 (30.95%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3appodgcciyo6p2echapugfuzfsnc7czbbmxdfopfof2bsllryva._file
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook campaign:sy01 rat spyware stealer trojan
Link:
https://tria.ge/reports/221015-l9765sfdhq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Loads dropped DLL
Executes dropped EXE
Formbook payload
Formbook
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d81ef70cc21230ef3f4411c0fa18b4c964d17c5908597195cf2b8ba0c96b8e2a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

gz d81ef70cc21230ef3f4411c0fa18b4c964d17c5908597195cf2b8ba0c96b8e2a

(this sample)

Formbook

Executable exe 2aa2b861c5fad54e2a32fa2cc376871cd2d80a1485412073f5b5f461a7723e29

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2aa2b861c5fad54e2a32fa2cc376871cd2d80a1485412073f5b5f461a7723e29
  
Dropping
Formbook

Comments