MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc124de38bc46065f427928b5b1c0dae742f8dbbca236e611735f24ae70e6cb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc124de38bc46065f427928b5b1c0dae742f8dbbca236e611735f24ae70e6cb5
SHA3-384 hash: cf8a876a1af4aae64507ecd90089eb1e2f5f43450119f51d128d56cc9e3f3227a982bfd0ca00d7d99779928dcebf2210
SHA1 hash: 18213e51363e486cff2e3707db5f3b85dc9c7d6f
MD5 hash: 1a507889b51bb4c630efdab875fe492d
humanhash: colorado-cup-minnesota-oxygen
File name:KYC DEBIT 11202020.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:546'816 bytes
First seen:2020-11-20 08:02:55 UTC
Last seen:2020-11-20 14:30:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:BiHYRuVLX/Jp+zlQiMAi513nW3HDUnIIb1duIXOX:8Y4V9p6lx4/nsHDUnBbOIXO
Threatray 2'991 similar samples on MalwareBazaar
TLSH CAC42295B78D6B31D1AD36BF346121D883B44292D202EA5A7ECCD3FF1D9078819632F6
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: kyc.com
Sending IP: 37.49.225.168
From: KYC | Compliance <compliance@kyc.com>
Subject: NEW KYC DOCUMENTATION REQUEST 2020
Attachment: KYC DEBIT FORM 1.ISO (contains "KYC DEBIT 11202020.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
166
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Gathering data
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/543836
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc124de38bc46065f427928b5b1c0dae742f8dbbca236e611735f24ae70e6cb5/
Threat name:
ByteCode-MSIL.Ransomware.TeslaCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-11-20 08:03:22 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3qje3y4lyrqgl5bhskfvwhanvz2c7dn3zirw4yixgxzevzyons2q._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
13690a4d7ae3acd542c99ab687383cc2d5b8b20346c2035a8f6381b03efbf7cb
Formbook
4d110e0d08384339b1bc38fbcad2bab177df0ad27b5f5cb2a3b88e8237052abd
Formbook
67b7e3da530df1ab1e868f9c0c1a5793f5b4a5b4fa69610e5e1d186a675c0c85
Formbook
771dabe6b8193e58aacc414d861dfa2d229906f7a414e64feea3466b49adebea
Formbook
8c0577ec4537880647e232dc1c3b0c722bb1efc0f8f4ea99729ed3607a1dace2
Formbook
a4aef07fffeb700f31df41a71994fbd7f2ab51c9b17f0dbf9900826528c30780
Formbook
cc10bb6e07911b422b71a6f0ada6d7fed969c7c7bea26976b86f7ea70a43fa41
Formbook
ccc3f57b398f8d8c671c152004ec16ad6646480dd2edc32ff2da50b2c2251bb3
Formbook
ce781d669945daac5963206d33d1727ec37c7379fe0b71a3580dec6e5cc46cf6
Formbook
dc647305de0ae67eff2e86276355bc83aa761b03693459df14d10ae6cd4a3102
Formbook
+ 2'981 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201120-c3greez8c6/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Program crash
Unpacked files
SH256 hash:
dc124de38bc46065f427928b5b1c0dae742f8dbbca236e611735f24ae70e6cb5
MD5 hash:
1a507889b51bb4c630efdab875fe492d
SHA1 hash:
18213e51363e486cff2e3707db5f3b85dc9c7d6f
Link:
https://www.unpac.me/results/711b315f-57bd-4577-9450-007964cad314/
SH256 hash:
b6bac333f63538f764e02fd176e7c99d898746105105f4cb742e948adc54f66e
MD5 hash:
73623f3393463bd0aa07eef61cbae027
SHA1 hash:
c0cde66d524984d60abe54fd9641a2009e3c397d
Link:
https://www.unpac.me/results/711b315f-57bd-4577-9450-007964cad314/
SH256 hash:
b8bf31a1653fe5b35f132ab3b5870d2603ba2bf8c2adf5811cb546692b83fa8d
MD5 hash:
4e7e34d795ab07e21b9e7e08dd2cf1f7
SHA1 hash:
a1094d320a51133845623d7b3bf1c7c4bfbecdf2
Detections:
win_formbook_g0
Create hunting rule
win_formbook_auto
Create hunting rule
Link:
https://www.unpac.me/results/711b315f-57bd-4577-9450-007964cad314/
Parent samples :
a4aef07fffeb700f31df41a71994fbd7f2ab51c9b17f0dbf9900826528c30780
67b7e3da530df1ab1e868f9c0c1a5793f5b4a5b4fa69610e5e1d186a675c0c85
6b0025804683d99f2accac0be079fec6bb47de2f444df9a36ac46d9099b8a839
dc647305de0ae67eff2e86276355bc83aa761b03693459df14d10ae6cd4a3102
fc3380f98bb74748846c87f1b72b805c333040096fc48507c248cd737d1c4f9e
cc10bb6e07911b422b71a6f0ada6d7fed969c7c7bea26976b86f7ea70a43fa41
ccc3f57b398f8d8c671c152004ec16ad6646480dd2edc32ff2da50b2c2251bb3
8c0577ec4537880647e232dc1c3b0c722bb1efc0f8f4ea99729ed3607a1dace2
13690a4d7ae3acd542c99ab687383cc2d5b8b20346c2035a8f6381b03efbf7cb
d8d901bb4e3990c3eff141e0030128a484e35ca5145a46e63d43fcfb841a8c32
3712dc4b66de055750a1bec579febd5a7b8dd4432a77adcf20599db4b0b0edac
4d110e0d08384339b1bc38fbcad2bab177df0ad27b5f5cb2a3b88e8237052abd
58668792e64783e46ee3ffe3749e75cf5e65e02486a25840ba70c0c1f06a944a
771dabe6b8193e58aacc414d861dfa2d229906f7a414e64feea3466b49adebea
dc124de38bc46065f427928b5b1c0dae742f8dbbca236e611735f24ae70e6cb5
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/dc124de38bc4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso b586ddc3520d723a7280a22dd8ad4b43cf7cdd091b69e88b0671a5ddfbe73008

Formbook

Executable exe dc124de38bc46065f427928b5b1c0dae742f8dbbca236e611735f24ae70e6cb5

(this sample)

  
Dropped by
MD5 d6391e6d3c9e90b96ed33d9f109bdf20
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b586ddc3520d723a7280a22dd8ad4b43cf7cdd091b69e88b0671a5ddfbe73008

Comments