MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ea74bf397854358ce0363ce3176f0c0dc40ac0efb6f378422e2d72c8c078372. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ea74bf397854358ce0363ce3176f0c0dc40ac0efb6f378422e2d72c8c078372
SHA3-384 hash: 4db98e51e39952c3d3bd710133c40c5459b6124526266bc475053e80a27fc9500406a61c6f981b5f453440d86e3b92a6
SHA1 hash: 4d969891eb295cd6ca99ff9d3e5f46c16405262c
MD5 hash: d7257bd857b72af07792a94091514e00
humanhash: east-blossom-bluebird-failed
File name:utasarmsinc.ru_live__dew005.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:569'344 bytes
First seen:2020-03-18 19:21:35 UTC
Last seen:2020-03-18 20:46:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 833187c5bbb939e9afa505c6769e4ac9 (1 x Formbook)
ssdeep 6144:gqywvlG7MKumTSMnQxaO1EajN5S/oti/0ETA4r6vgCXnhP7FT5ij:dlGQxMnQwO/vSQobfrihzF0j
Threatray 2'193 similar samples on MalwareBazaar
TLSH F6C4E12DF67C1066F8AD40337A85C0B614F25C2864E201DB3F7EB9CA9AB724CED965D1
Reporter ov3rflow1
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.6377.28302.13510.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2018-03-17 16:58:00 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
16b59963cf5398fe9d50d18723bf7b78073a6fd4d1dfd3072b45b8852ead2d58
Formbook
1b03fa4e56e70ad55ca0044382bf11a6e5a4dda8cd750fc1bd4c7198a505b365
Formbook
4cd679aa5f3ccf47e45a2600bbaedbbacb5e606035656b03172aed4aebe9973a
Formbook
7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6
Formbook
9a1bbd02f1dc5ae62f13a00f38067354bf8a754e72e3ebee49a8b6aaa7b7e41f
Formbook
a9933b87a7005503dc8cdaaa5c47c733e12bee1a65f8adfd9563805ea6aaac58
Formbook
b8ee3458736fa73672b43a4c55e136bafc48b215dcb89dac28b5865ab59fc99c
Formbook
e69790e910b1817bcfb714f20fda02b6e024babd3dfcea8fa982192928a5df93
Formbook
ea03bddaf3ee776f78eb33a3ff355cc2ffdc9a610ab086d49f28dffce00d8c99
Formbook
fad4f5a49b06971b1e9f09356dd43bf47cdeddc1b4af2d6cda4369c73a352cc7
Formbook
+ 2'183 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2ea74bf397854358ce0363ce3176f0c0dc40ac0efb6f378422e2d72c8c078372

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/226/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments