MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b80b458756d763bff9b687091162c3cef38203e797ca0fc49117739b1b169eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 4



SHA256 hash: 0b80b458756d763bff9b687091162c3cef38203e797ca0fc49117739b1b169eb
SHA3-384 hash: 76e8a37869c1c9a25bab22868cc425c8994ce76492314e83c8d75288713736641fe19056e7bb570395d8a5eea7c36c9a
SHA1 hash: b25a9eaf909968cd37b304f7d128ad9b85031e01
MD5 hash: c5432659872026affb207b4ee258df31
humanhash: delta-venus-mockingbird-mountain
File name: 5c0101be735328d538f019c72f24e788.exe
Signature: FormBook
File size: 172'032 bytes
First seen: 2020-04-02 06:30:11 UTC
Last seen: 2020-04-06 06:00:11 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:C8RixVP+tltEySoEorp1TC5SMH8kQLxL3WA2Im4Yt7Mw1vm:4xEfS96TwSSAW7Mqvm
Threatray: 5'052 similar samples on MalwareBazaar
TLSH: 84F3AE31D641C031E2B242B5FA7D0B7B883D0E35369564E6E3A426E06FF48A5B53A31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1TobOvAhgiCOanJB35ZKsw-97PVSDH9d4

Intelligence


File Origin
# of uploads: 2
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-04-02 06:35:34 UTC
File Type: PE (Exe)
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

6ff8b01feda6b3a403313a5b8344711f3bfe26de4ca75c1dcaa02741ee43cca8

FormBook

Executable exe 0b80b458756d763bff9b687091162c3cef38203e797ca0fc49117739b1b169eb (this sample)

  
Dropped by: MD5 5c0101be735328d538f019c72f24e788
Dropped by: MD5 27ed0d7c0b70cc99dc53053aca72d511
Dropped by: GuLoader
Dropped by: SHA256 6ff8b01feda6b3a403313a5b8344711f3bfe26de4ca75c1dcaa02741ee43cca8
Dropped by: SHA256 7bd5597f0da68e72304640481177e3ecf76c3925ef1ae07966a9866ad4a118d9

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
