MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0232a1b1877a9e16f3e24ce5add9e3112597f67870fabc96ed63b1cfa978d4d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0232a1b1877a9e16f3e24ce5add9e3112597f67870fabc96ed63b1cfa978d4d1
SHA3-384 hash: a3bbde2d82fe0f3a037705cd7570885912d3af37240bada318cc56491d54eeced34e89c5b0ad97f83ad348d47b85ff68
SHA1 hash: 8e1f683cd6f13c4f7f5050620514fc1707275401
MD5 hash: 08bb13f9b3dbc95be03c861323f55f52
humanhash: golf-emma-nineteen-ceiling
File name:Garra International - RFQ_GPH_PRODUCTS LIST.exe
Download: download sample
Signature FormBook
Create hunting rule
File size:556'544 bytes
First seen:2020-04-15 13:37:42 UTC
Last seen:2020-04-15 14:53:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 12288:RUYUgiqlYVUm19f2ACZ14JI5UUv3Kk7Km/Wco:XO19fAZ14JoPKkKxco
Threatray 5'303 similar samples on MalwareBazaar
TLSH CEC4087EAA942B27F77C81F849430048F5B441EB26329DDF86C771CD3459A017AAE36E
Reporter cocaman
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.47299.25471.25040.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Nanocore
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 09:35:38 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aizkdmmhpkpbn47cjts23wpdceszp5tyod5lzfxnmoy47kly2tiq._file
Verdict:
malicious
Similar samples:
154c8ad4fe041cb711c139005c210a63f15c3c030cab34e358256c4375a06aba
FormBook
17ccd5b98d29f09cde5b49fee52602ac5e95c462c68f09c5f07d12d8a8cd8e0f
FormBook
2a11f8f83b6c7fc23742f76d10d013aef543026557ddcd62879a638f6fd00c52
FormBook
45dbdfee969f471810b5c4940e8bf57a5ce301467329ee9e6d220a93231892a7
FormBook
5628310c6fe718d77dadbc5c8cb6238faa27942517b590c2a87c07aadca429d6
FormBook
8842ac3497c777517b2f18152eabaa0994a460d249773a5e89a4e16bca2bd741
FormBook
9daa8e87928b88143b9482b989764524754c86d142027ccaad1fc452f52c1765
FormBook
bcc826091ec71230947aa1916263434935a58ffe5977cf415b1d970633939652
FormBook
d1e9ede488849faab5eb3e767704a4644cc79e6eaac8fe996d90fa164e68f620
FormBook
f38d170b1da421aa60e778a64fec953d3058336f7cb06568ba7926495fe87f0c
FormBook
+ 5'293 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

z b2fb24fcfbec8eacc7210cfba8dae2f1492bfab42efc158a21290578f3af6835

FormBook

Executable exe 0232a1b1877a9e16f3e24ce5add9e3112597f67870fabc96ed63b1cfa978d4d1

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 b2fb24fcfbec8eacc7210cfba8dae2f1492bfab42efc158a21290578f3af6835

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments