MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34
SHA3-384 hash: 3e224026de365b9e7d4d2dfc08fc1420b847e7c95f749ba13cdbc327c6a4e5bedd4859f0e1d193aac5a5b3c808577bdb
SHA1 hash: 9e103abddcf16b33339fd78967956eda91dc486d
MD5 hash: 1ad043cd1961bd25e3d66d0436669885
humanhash: fruit-lactose-indigo-blue
File name:DOC08910120230628102641.EXE
Download: download sample
Signature Formbook
Create hunting rule
File size:12'800 bytes
First seen:2023-06-29 11:49:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 192:9ZqwFkb7H0rKTW2eOdAZTza3kepns6XB5V87W1tfZGD4fJdq6myRRW35DjNS1a:3UTcOdYTd6XBSsRGDPHBHN/
Threatray 5 similar samples on MalwareBazaar
TLSH T1C142F9189EAC0527F8B707B85A6253C00B3EBF77B253EB2F6ECD7159285225419523B3
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter cocaman
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
1
# of downloads :
274
Origin country :
CH CH
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DOC08910120230628102641.EXE
Verdict:
Malicious activity
Analysis date:
2023-06-29 11:54:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a38a039a-f52d-4749-8678-5593701b5099

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/403748/
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.8809.7226.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Launching a process
Creating a file
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/649d6fee78b782264fa10887/reports/9819f9ea-1890-4c6f-a721-a2714898abf5/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cb1984aa-18d6-48ac-aa74-25b1270143c5
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1263213
Signature
Antivirus detection for URL or domain
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34/
Threat name:
Win64.Trojan.Cusloader
Create hunting rule
Status:
Malicious
First seen:
2023-06-29 07:10:23 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7o5np4pkqazw6lir5q67lvkh73omuvwt332ownu7mbisfmbph42a._file
Verdict:
malicious
Similar samples:
1201be819db6d09ce9bd23656c5bbd7430e0420f30c39afe37b3a4662581f143
Formbook
65831b6a853bb664e7f189003da9cdda832e5bcf647c1e262b3bc80acb715814
Formbook
877dcc901ba5abacac399a8f33ccaffa321eb4306a3a10f16fa9a2d183374cd7
Formbook
a26842becdd6ced8f2b44de90122dbd4cc027348b569ef32703749bac877ca6f
Formbook
b82291de6b50625fbe64293024d4b7d3f1bc874e14d8a6c613b56cf4c5854d30
Formbook
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230629-nzkzzach54/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
Unpacked files
SH256 hash:
fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34
MD5 hash:
1ad043cd1961bd25e3d66d0436669885
SHA1 hash:
9e103abddcf16b33339fd78967956eda91dc486d
Link:
https://www.unpac.me/results/2a347634-2028-4aa1-8aa1-77d63b4ac3ef/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fbbad7f1ea80/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

iso 745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5

Formbook

Executable exe fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5
Cape
Cape
https://www.capesandbox.com/analysis/403748/
  
Dropped by
MD5 9ca7d42a21d8392bf94b09cb840cba38

Comments