MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f11bf0f5b97161b5d27b4cbbc02fae52957df15646513874df10bc06d1d4e5df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 9 File information Yara Comments

SHA256 hash: f11bf0f5b97161b5d27b4cbbc02fae52957df15646513874df10bc06d1d4e5df
SHA3-384 hash: 4385ecaa278f30ca8b2368816b26583457a100008d7816d7ab97c914d9bdaa934f7337f910ab8a48cd88b34f387f0997
SHA1 hash: 0e2cb2a9fd256afdb2a877fa0b8fbe6c7d30c6b4
MD5 hash: 8c5fad5ff5c2c0af9ce18b5130f3d43c
humanhash: whiskey-fourteen-berlin-florida
File name:SecuriteInfo.com.BackDoor.SpyBotNET.17.10332.27788
Download: download sample
Signature Formbook
File size:465'920 bytes
First seen:2020-08-01 19:33:31 UTC
Last seen:2020-08-02 07:33:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:mIXFSwN4Q3OLK2lpbd84QiCzjJLEoP+7Zld/lWbJxaid1OU+BHtCOXaqvb5nzoVp:kU+xBXxTBbN
TLSH 95A49C7132B5AF85C93A4BF6A51428405FB429AF757DD369ACC030CB55EAF008A91FB3
Reporter @SecuriteInfoCom
Tags:FormBook

Intelligence


File Origin
# of uploads :
2
# of downloads :
25
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process
Launching cmd.exe command interpreter
Setting browser functions hooks
Unauthorized injection to a system process
Unauthorized injection to a browser process
Result
Threat name:
FormBook
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Signature
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Tries to detect virtualization through RDTSC time measurements
Yara detected FormBook
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Status:
Malicious
First seen:
2020-07-07 18:59:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level
  5/5
Result
Malware family:
formbook
Score:
  10/10
Tags:
rat trojan spyware stealer family:formbook
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Formbook Payload
Formbook

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Formbook

Executable exe f11bf0f5b97161b5d27b4cbbc02fae52957df15646513874df10bc06d1d4e5df

(this sample)

  
Delivery method
Distributed via web download

Comments