MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 6



SHA256 hash: f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82
SHA3-384 hash: 39697c4a3871700a72352f680fb3adb4bd159734f14d2444a1efe73f37b1c631cdbcddfd377cab12e52f18a9ae96f386
SHA1 hash: d62b0881467259c994f4c302a91eec65cf92b24a
MD5 hash: 7a6ad3eb134817a5399fbaa75751e0d5
humanhash: louisiana-thirteen-pennsylvania-oxygen
File name: M20240930086.rar
Signature Formbook
File size: 747'952 bytes
First seen: 2024-09-24 16:13:06 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 12288:zeWptFedEgot+gCiaZvUzXKHdiTH8E6zhGI0e73FUMFvAVa+1A+qWdtj80Noetkz:zTeOgwCi8v4X0diTHTNk3qMFnCdtjVSp
TLSH T11DF423724DC016DB133F7AC4D0626BC49885A3E7906EC92F96B58809D19FF58960FAD3
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter cocaman
Tags: FormBook rar


cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?IlN0w6lwaGFuaWUgTWF6ZXQi?= <smazet@sud-industrie-service.com>" (likely spoofed)
Received: "from sud-industrie-service.com (unknown [141.98.10.88]) "
Date: "24 Sep 2024 18:11:43 +0200"
Subject: "Quote and supporting documents Ref No: M/2024/09/30/086."
Attachment: "M20240930086.rar"

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: M20240930086..exe
File size: 762'831 bytes
SHA256 hash: 36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97
MD5 hash: 1f3a6997ed55ef6be6beccfc1996e011
MIME type: application/x-dosexec
Signature Formbook
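A triage script for the delivery chain documented on this page: the reporter's malspam headers (a sender the reporter marks as likely spoofed, a single hop whose reverse DNS is "unknown", a RAR attachment) and the archive listing above (one executable member named M20240930086..exe, with a double dot before the extension). This is an added example, not MalwareBazaar code, the reporter's tooling, or any vendor's detection logic. The message it parses is constructed from the headers listed in the report and wrapped in a made-up MIME body; its attachment payload is only the RAR5 signature. The heuristics it applies (HELO name not backed by reverse DNS, a display name that carries its own quote characters inside an encoded word, archive type decided by magic bytes rather than by extension or declared MIME type, executable members with a trailing dot in the stem or a name mirroring the archive) are this example's assumptions.

```python
import email
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed message (not the real .eml): the headers listed in the report
# wrapped in a minimal MIME body. The attachment payload is only the RAR5
# signature "Rar!\x1a\x07\x01\x00", base64-encoded.
SAMPLE_EML = (
    "Received: from sud-industrie-service.com (unknown [141.98.10.88])\r\n"
    "\tby mx.example.invalid with ESMTP; Tue, 24 Sep 2024 18:11:45 +0200\r\n"
    "From: =?UTF-8?B?IlN0w6lwaGFuaWUgTWF6ZXQi?= <smazet@sud-industrie-service.com>\r\n"
    "Date: 24 Sep 2024 18:11:43 +0200\r\n"
    "Subject: Quote and supporting documents Ref No: M/2024/09/30/086.\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Please find attached.\r\n"
    "--b1\r\n"
    'Content-Type: application/x-rar; name="M20240930086.rar"\r\n'
    'Content-Disposition: attachment; filename="M20240930086.rar"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    "UmFyIRoHAQA=\r\n"
    "--b1--\r\n"
)

# "from <helo> (<reverse-dns> [<ip>])", the clause most MTAs write first.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")
ARCHIVE_EXT = (".rar", ".zip", ".7z", ".iso", ".img")
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR4 and RAR5 signatures


def decode_sender(raw_from):
    """Return (decoded display name, address) from a raw From: value."""
    name, addr = parseaddr(raw_from)
    return str(make_header(decode_header(name))), addr


def parse_received(value):
    """Extract HELO name, reverse DNS and IP from a Received: hop."""
    m = RECEIVED_RE.search(value)
    if not m:
        return None
    return {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)}


def classify_member_name(name, container_stem=None):
    """Heuristics (assumed here) for a file name found inside an attached archive."""
    findings = []
    stem, _, ext = name.rpartition(".")
    if ("." + ext).lower() in EXEC_EXT:
        findings.append("executable member")
    if stem.endswith("."):
        findings.append("trailing dot in stem")  # e.g. NAME..exe
    if container_stem and stem.rstrip(".") == container_stem:
        findings.append("member name mirrors archive name")
    return findings


def triage(eml_text):
    """Parse one message and return the findings the heuristics above produce."""
    msg = email.message_from_string(eml_text)
    report = {"findings": [], "attachments": []}

    display, addr = decode_sender(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    report["display_name"] = display
    # The encoded word decodes to a name that already includes quote characters.
    if len(display) >= 2 and display[0] == display[-1] == '"':
        report["findings"].append("display name carries its own quotes inside an encoded word")

    hop = parse_received(msg.get("Received", ""))
    if hop and hop["rdns"].lower() == "unknown" and hop["helo"].lower() == sender_domain:
        report["findings"].append(f"HELO claims {hop['helo']} but {hop['ip']} has no reverse DNS")

    for part in msg.walk():
        fname = part.get_filename()
        if not fname:
            continue
        data = part.get_payload(decode=True) or b""
        is_rar = data.startswith(RAR_MAGIC)  # trust bytes, not the declared type
        report["attachments"].append({"name": fname, "rar_magic": is_rar})
        if is_rar or fname.lower().endswith(ARCHIVE_EXT):
            report["findings"].append(f"archive attachment: {fname}")
    return report


if __name__ == "__main__":
    for key, val in triage(SAMPLE_EML).items():
        print(f"{key}: {val}")
    print(classify_member_name("M20240930086..exe", "M20240930086"))
```

The container type is taken from the first bytes of the decoded payload rather than from the filename or the Content-Type, both of which the sender controls. The member-name check is separate from the mail parsing because in practice it runs on the archive listing produced by whatever extracts the attachment; the standard library cannot read RAR, so that step is left to the sandbox or an unrar wrapper.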
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: Encryption Stealth Swotter Injection Exploit Autoit
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Autoitinject
Status: Malicious
First seen: 2024-09-24 16:13:09 UTC
File Type: Binary (Archive)
Extracted files: 55
AV detection: 18 of 24 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Malware_Imphash_Mar23_1
Author: Arnim Rupp
Description: Detects malware by known bad imphash or rich_pe_header_hash
Reference: https://yaraify.abuse.ch/statistics/
Rule name: UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Author: malware-lu
Rule name: UPXv20MarkusLaszloReiser
Author: malware-lu
Rule name: upx_largefile
Author: k3nr9

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Formbook
    rar f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Formbook

Comments