MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e0472b3b50c46eff5b4529b1bb8dd54f60db45f4bc772d3bef3666a72e15898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



FormBook


Vendor detections: 5



SHA256 hash: 0e0472b3b50c46eff5b4529b1bb8dd54f60db45f4bc772d3bef3666a72e15898
SHA3-384 hash: f6e875c5d687806201fc7a9bfaaa6544952261eaef770578734126fe317b457b25274bfb9c2440d073f55c0aa87ca571
SHA1 hash: 3454cecce40c35e67288bedbeb2662c2a288d98f
MD5 hash: 38002648240387caa73baddffa787e0b
humanhash: tennessee-ohio-eleven-batman
File name: cd5faffe1a0378ef892d798532c399a6.exe
Signature: FormBook
File size: 171'520 bytes
First seen: 2020-03-27 05:20:09 UTC
Last seen: 2020-03-27 09:43:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:THs+fP+M2LK594rfncGBODx/YX+OxpRh7U4fk2nBK4ReEHh:Xuu9ivoD5YPtvH
Threatray: 2'234 similar samples on MalwareBazaar
TLSH: A5F3AE31D641C031E2B241B5FA7D1B7B883E0D357295A4E6A3A12AE06FB44A5F53E31F
Reporter: abuse_ch
Tags: exe FormBook GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1hVfRzD4T7SUpBiw2eGqqZRxD86KSk1aK

Intelligence


File Origin
# of uploads: 2
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Formbook
Status: Malicious
First seen: 2020-03-27 05:35:30 UTC
File Type: PE (Exe)
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by: MD5 9b09894a02ab4a60aee0b77250152ec8
Dropped by: GuLoader
Dropped by: SHA256 d487044d30c56875c56f5337770540846ad1064608ffac68778bf1d352289a74

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
