MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea481eac86e69fc04fa8bbd61dc945e0f5be7327b369df5483b14faf8bdfaf8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea481eac86e69fc04fa8bbd61dc945e0f5be7327b369df5483b14faf8bdfaf8a
SHA3-384 hash: 53338cf2c22f6b22320a7d5db6df5e53dd9afa2c2e88fafc9d8466227c66c6d40e1f3778a586603a0fbbc48900fae335
SHA1 hash: b91024974759a426223bbd27ef734e07a3514149
MD5 hash: 3cf6f68060c796800dba93f7df0e82a1
humanhash: dakota-xray-foxtrot-oklahoma
File name:FGB002.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:527'360 bytes
First seen:2020-05-01 14:31:52 UTC
Last seen:2020-05-01 15:55:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'659 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:CysO7q4YdLij4d54WvMsnToEdLnygZxBipYKqaT:gO7mijeXdnygZxna
Threatray 18 similar samples on MalwareBazaar
TLSH 75B4E08223B8442FCA1F1FF792F2722593769C152D6EE34AB674F0721D736A49E80395
Reporter abuse_ch
Tags:exe FormBook


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: ns5.4gbhost.com
Sending IP: 210.1.58.192
From: paro@cischemgroup.com
Subject: Attached T/T copy for payment.
Attachment: FGB002.rar (contains "FGB002.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaA.29139.2872.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 16:44:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5jeb5leg42p4at5ixplb3skf4d2344zhwnu56vedwfh27c67v6fa._file
Verdict:
unknown
Similar samples:
081858e28f031a112eeb27a1bf1755a669f591b9e46b00f4effe3636ec90ae86
FormBook
1b0bbb9d0978499e58dcd5538ceeb8dd240faf8129a5e79e0c8ab0ac7d21e76d
FormBook
26279831e4b7aa96d846a0a56275b8c5ebfafadb34062d82078c7771cefbd19e
FormBook
32ac62cebb74e1795b30f1668fb6bc9fe84bed0e4df9a78dfe6b534815dd0a0e
FormBook
3a6e59f4903d46cc841f88279a674c8febc87d3e5d69c0b58da1864d1ea1d91c
FormBook
4ad79d7dfc755f667699bcc18f5bc0c3a64f09d1a969f7ccff0f255505cfc20c
FormBook
94d6b59e8f4f8a6dcbd043808cd713d0122e6077c6182ecf486eae49198cc00b
FormBook
9bb6a76344a0906d9292209ede4ecb2b87bda68265397a1e854cf464e078ec5d
FormBook
ad902bad9f459a31e657fe826869a611507af41776e323f285809a58e5f1172b
FormBook
d6f0bfa0aa9e2b9004d36f51fff20f947adbaa6bbb7fffdde1fc37d105fa7257
FormBook
+ 8 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar f9082aaaab2b65ef0aa876cf7411d1df888e7f83916610905685e3197e22447b

FormBook

Executable exe ea481eac86e69fc04fa8bbd61dc945e0f5be7327b369df5483b14faf8bdfaf8a

(this sample)

  
Dropped by
MD5 d6a7fdcd5123906a93a11de24ba83d90
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f9082aaaab2b65ef0aa876cf7411d1df888e7f83916610905685e3197e22447b

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments