MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Formbook

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494
SHA3-384 hash:	ceef0d709a2fd771659b72ce89b21860ae0ca2186c328c07cd445d8bda2f31e8fa8c55f0474edeff007f953113fcb86e
SHA1 hash:	ff11652fa5e2380a091a9069f2bbb570b0c9d8ec
MD5 hash:	4db5e988eb7a9d1eb1816b1a258838d2
humanhash:	connecticut-freddie-vermont-bakerloo
File name:	license.js
Download:	download sample
Signature	Formbook Create hunting rule
File size:	67'994 bytes
First seen:	2026-04-01 04:35:04 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	768:aiyExHxmoaI2E9F/f205ZH/vK6AZ4oJcp+oMNHe7vTwxstNRBhREmwoLnwa8Ev0G:OlCgy22Kfud4dDAV
Threatray	2'673 similar samples on MalwareBazaar
TLSH	T1F963E2FDAF5DC4F51433ACCB7C706AA04787D92963E06DC1E666669D89832238460CFB
Magika	javascript
Reporter	JAMESWT_WT
Tags:	FormBook js NKFZ5966PURCHASE Spam-ITA

Intelligence

File Origin

# of uploads :

1

# of downloads :

146

Origin country :

IT

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.JS.Obfus-2267.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cca0913a18a6e1ddf0332c

Tags:

ransomware extens xtreme

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm base64 exploit fingerprint formbook repaired

Link:

https://www.filescan.io/uploads/69cca08e2346b9da57b58465/reports/a101ddf4-df1f-45be-9c79-260d784e6432/overview

Verdict:

Malicious

Labled as:

SVM:TrojanDownloader/JS.MalBehav.gen

Link:

https://www.hybrid-analysis.com/sample/ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494

Verdict:

Malicious

File Type:

js

First seen:

2026-03-31T22:06:00Z UTC

Last seen:

2026-04-02T02:35:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494/results?tab=lookup

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=76cunryl2dc4siixwxsfhraxvbox3vb3yfynkr477ogt6omo4ska._file

Verdict:

malicious

Label(s):

formbook

Similar samples:

0309d60cd7a0911ec64fa72e33ce9143d88f8c85ad8758c3e4b6100cd455010a

0e6a0dda6d54291452adeb1d7515cc8edad2705807d5a0343340ce7122cef8b1

0ee1d5d6cd40ca035ae628632e2ccab0733f04d4a0d6c21a705993166c29761f

1bc5f2d3c8d9ff144f16a61e4019689ebd77097ca6ac91f86ad1184275d301d6

4d2d2c6efbb042ae0af1b79c8cc52237998ec70df56afd418abbacc48d9d3395

528eeaa729b13527924b13dc4dfd8264c93535ae8401d8d812c8a5f329dce2ce

759388bf61a6134039a3bc1577bf1650b2f0f7d65cd43c49b3b8010f642a67fd

79940efa2306d8d62d7ec4b8a30e708682e3fcd198896d508990df2546d6447c

+ 2'663 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

defense_evasion execution persistence

Link:

https://tria.ge/reports/260401-e7v1gagv8l/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

Suspicious use of SetThreadContext

Adds Run key to start application

Obfuscated Files or Information: Command Obfuscation

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

System Binary Proxy Execution: Rundll32

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Suspicious use of NtCreateUserProcessOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ff8546c70bd0c5c92117b5e453c417a85d7dd43bc170d5479ffb8d3f398ee494

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample